(United States Attorney Scott Brady)[1]
Scott Brady, an attorney from the USA, said: “I think we are actually going to see an unprecedented wave of cyberattacks and fraud. And we are trying to prepare our partners and the public for that.”
Throughout its history, humankind has suffered from a wide range of influential events that have affected individuals, communities, societies, and states. Wars, disasters, pandemics, and floods, whether human-made or caused by the forces of nature: we have faced a wide range of catastrophes around the world. Although those events affected the masses and some of them cost millions of lives, there have always been those who have exploited calamities and taken advantage of catastrophes for a variety of purposes: to gain political and ideological benefits, spread hatred, stage revolts, stir up ethnic unrest and discrimination, and obtain financial advantages and gains. As Kratcoski (2018) asserts: “black market and corruption have always flourished during wartime.”
The widespread Internet and its technological means serve noble as well as malicious purposes. The nature of the Internet and its features of speed and virality facilitate the spread of information, news, aid campaigns, and national and international efforts for relief and support. Nevertheless, those characteristics of the Internet also facilitate malicious acts for different purposes, including criminal – cybercrime.
The coronavirus era lays the ground for waves of malicious cyber activities by different actors. However, since we are in the middle of those cyber waves, there is a need for their examination. The study will evaluate current trends and predict the near future in terms of coronavirus-related online malicious activities.
In recent years, we have witnessed disasters being used by cybercriminals for diverse criminal purposes: in mid-March 2014, warnings were published about Facebook malware distributed by a fake video claiming that the missing plane MH370 was found (Khandelwal, 2014). In late August 2017, the US Cybersecurity and Infrastructure Security Agency (CISA) warned of "potential Hurricane Harvey phishing scams" (CISA, 2017). In Australia, massive bush fires motivated the good spirit of mankind in aid campaigns. However, scammers used this catastrophe to come up with "hundreds of bushfire donation scams" with the intention of stealing credit card and personal information (Elsworthy, 2020). The same happened over the years, as seen in early 2010, when "Haiti donors warned against scam emails" following the earthquake (Osborne H., 2010), and with "scam messages asking for donations to Nepal earthquake relief" in May 2015 (Australian Government, 2015).
Aguirre and Lane (2019) indicate that crimes and frauds occur during the earliest phases of disasters, and that "the probability for the occurrence of costlier crimes, akin to white-collar crime, increases as time elapses." Therefore, the study aims to analyze coronavirus-related cyber-attacks and cybercrimes, to map current malicious activities during the first months of the outbreak (February-May 2020) and to try to predict how the coronavirus outbreak and lockdown may affect and trigger new malicious cyber activities in the long run. Thus, the paper analyzes coronavirus-related cybercrimes and cyber-attacks as published in various media outlets, either information security media sources or general media outlets, private blogs, governmental and non-governmental sources.
The coronavirus outbreak and lockdown created new challenges and risks for individuals, corporations and countries around the globe due to the swift and sharp change in our daily life and day-to-day activities, at home or at work, in private life and leisure or in professional and occupational life, which affected every one of us. This change served as fertile ground for a wide range of malicious actors.
Cybercriminals identified the new opportunity for a wide range of malicious activity for financial gain from the early days of the coronavirus outbreak. As a result, government agencies and information security providers indicate a tremendous increase in coronavirus-related cyberattacks and cybercrimes: Tonya Ugoretz, the deputy assistant director of the FBI’s Cyber Division, said that between 3,000 and 4,000 cybersecurity complaints had been received per day in April, an increase from the typical 1,000 complaints per day prior to the pandemic (Miller, 2020); 42% of UK employees working remotely during the coronavirus have received suspicious emails (Canter, 2020); the Federal Trade Commission received more than 7,800 coronavirus-related reports from consumers, double what they were about a week earlier (Henderson, 2020); Atlas VPN researchers revealed that during April 2020, about 404 million malware infections were identified, 64% of them targeting educational institutions (Waqas, 2020); the number of scam attacks in Russia increased 10 times (E Hacking News, 2020); Zscaler ThreatLabZ revealed an increase of 30,000% in phishing, malicious websites and malware related to the coronavirus and targeting remote users – 1,200 in January, 10,000 in February and 380,000 in March, in addition to more than 130,000 suspicious newly registered domains (NRDs), most of them probably registered by cybercriminals to take advantage of words associated with the coronavirus outbreak, such as 'test', 'mask', 'Wuhan' and 'kit' (Desai D., 2020); in mid-April, the Google Cloud blog indicated that "during the last week, we saw 18 million daily malware and phishing emails related to COVID-19. This is in addition to more than 240 million COVID-related daily spam messages" (Kumaran & Lugani, 2020); and a 30-40% increase in cyber-attacks during the coronavirus outbreak (SentryBay, 2020).
Another survey indicated that 51% of the respondents "have already seen an increase in email phishing attacks since shifting to a remote working model" (Shi, 2020). In addition, from February to April 2020 there was an increase of 238% in cyberattacks and a nine-fold increase in ransomware attacks against financial sectors (Kellermann & Murphy, 2020).
Cybercriminals used different types of malicious attacks during the coronavirus outbreak, among them cyber-attacks, ransomware (Nichols, 2020), information theft, phishing (Morrison, 2020), scam texts (Brown, 2020) and distribution of malware (Wei, 2020). Verint indicated that malspam (malware delivered via email messages), phishing, and information stealer programs were the most popular attack vectors between the 1st of March and the 18th of April, "used in 66.6% of the campaigns analyzed" (Verint, 2020).
The malicious attacks made by cybercriminals and nation-state actors were intended to create various benefits for them, including financial gain and coronavirus-related espionage, taking advantage of the fear, uncertainty and doubt surrounding the coronavirus pandemic (Slagell, 2009; Tidy, 2020). Due to the stay-at-home orders and working from home, there are more people at home using the Internet and computers more than usual, increasing the opportunity for attackers to mount financial scams and cyberattacks. Therefore, different attackers, and even ideological activists, may use various ways to take advantage of the implications of the coronavirus outbreak (directly or indirectly related to the outbreak) to promote their various malicious purposes. Most of those attacks constitute cybercrimes against the full range of targets belonging to individuals and businesses, and cyber-attacks mainly targeting the healthcare sector worldwide for stealing coronavirus-related information and research:
Cybercrime
1. Financial frauds –
a. Impersonation of authoritative government organizations and institutions – Such as the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC), including malicious websites mimicking the WHO's internal email system in order to spread malware (Satter, Stubbs & Bing, 2020; Palli, 2020).
b. Fake health equipment – Fake cures, vaccines, treatments, equipment, and testing kits. INTERPOL coordinated 'Operation Pangea' between 3-10 March 2020. The operation involved 90 countries targeting coronavirus-related trafficking in counterfeit medicines, which resulted, inter alia, in 121 arrests, 37 organized crime groups being dismantled, and 48,000 packages being seized (EUROPOL, 2020).
c. Fake healthcare alert platforms – Among them are fake Android applications that track the coronavirus spread across the globe (Desai S., 2020) and spy malware disguised as a 'coronavirus map' (Krebs, 2020; Brewster, 2020b).
d. Fake financial aid – Fraudulent financial donations, grants, aid allegedly given by government agencies.
e. Fake refunds – Such as fake airline ticket refunds (Addison, 2020).
2. Data breach – Cybercriminals hacked popular websites and platforms and sold their merchandise on the darknet, including the credentials of half a billion Zoom accounts (Abrams, 2020b).
3. Online child pornography – Europol expressed its concern over the rise in such cybercrimes due to the increase in accessibility of children online due to the stay-home orders (Associated Press, 2020).
Cyber-attacks against the healthcare sector – The healthcare sector was the target of many of those cyber-attacks: 20% of coronavirus-related attacks (Verdict, 2020; Verint, 2020); 27% of all cyberattacks in 2020 targeted the healthcare and the financial sectors (Kellermann & Murphy, 2020). Hospitals, research institutions, and testing laboratories conducting coronavirus-related research were targeted by cyberattacks, cyber espionage, ransomware, and leaks around the world, in most cases to steal research data, possible treatments and vaccines. Google described those attacks as the work of "government-backed attacker groups", while others point the finger at Iran, Russia, and China (Osborne S., 2020; Grierson & Devlin, 2020).
Among the healthcare sector targets are: Gilead Sciences in the U.S., targeted by Iranian hackers (Klebnikov, 2020); a Canadian government healthcare organization and medical research university (Paganini, 2020a); a U.K. medical firm (Goodwin, 2020); U.S. hospitals (Abrams, 2020b); and coronavirus testing laboratories in the Czech Republic (Paganini, 2020b), a cyberattack that made U.S. Secretary of State Mike Pompeo express his concern (Pompeo, 2020). Apart from that, 25 thousand email credentials were leaked from the National Institute of Health (NIH), the Centers for Disease Control and Prevention (CDC), the World Bank, the World Health Organization (WHO), the Gates Foundation, and the Wuhan Institute of Virology (Wakefield, 2020).
In addition to the healthcare sector, those malicious and criminal attacks targeted a wide range of entities worldwide, among them: the German government (Dent, 2020), Indian cybersecurity firms (TelanganaToday, 2020), and the Azerbaijan government and energy sector (Mercer, Rascagneres, & Ventura, 2020). We even witnessed some cases of fake news, disinformation, misleading information, conspiracies, and myths relating to the outbreak, treatment, and motives of the coronavirus (Goodman, 2020; Gruzd & Mai, 2020).
Current data indicates that cybercriminals have already identified the potential of the coronavirus pandemic for various types of malicious online activities. We are witnessing how fast the coronavirus was mobilized for various malicious intentions worldwide, while some of those activities, which have been mentioned by Stratton (2018) and occurred in previous disasters, have already been identified.
Most researchers agree that we may face new waves of cyberattacks in the next months with a higher level of complexity and severity. Over the coronavirus era, we witnessed an initial surge in cybercrime, followed by a decrease toward the end of April. Changes also occurred in the level of complexity of the cyberattacks. The initial attacks were "quite simple", but they became "more complex" when the pandemic reached Europe. Although the European Union's law enforcement agency estimates a "return to previous levels of classic illegal activities" with the easing of lockdown measures, it predicts that the outbreak will create "new opportunities for criminal activities that will be exploited beyond the end of the current crisis" (Associated Press, 2020). According to another prediction, "The crisis will end. However, the threats will persist. Protect your enterprise." (Desai D., 2020). The reason for those alerts may be found in the following data: according to Barracuda research, 55% of the respondents (1,000 business decision makers in the UK, U.S., France, and Germany) say they would not have implemented remote working within the next five years had it not been for the coronavirus crisis; 56% plan to continue widespread remote working after the crisis is over; and 53% report that the coronavirus crisis made them accelerate plans for moving all their data to a 100% cloud-based model. Therefore, it is not surprising that 49% of the respondents indicate that they fully expected to see a data breach or cybersecurity incident in the next months due to remote working. However, one of the most alarming figures indicates that 40% of the respondents have cut their cybersecurity budgets as a cost-saving measure to help tackle the coronavirus crisis (Shi, 2020).
To sum up, the surveys revealed several trends:
In addition to the already known cyber-attacks that have occurred, there is grave concern that different actors may soon take advantage of the coronavirus outbreak for some malicious activities. Such activities may include money laundering as part of economic recovery (Monroe, 2020; Chopra, 2020) and even cyber-attacks that may target the election systems in the U.S. (Wojtas, 2020). Therefore, it is easy to understand and accept some definitive predictions of massive cyber-attacks and data leaks that may take place in the following months. One of them declared explicitly, “The coronavirus is laying the groundwork for a massive cyberattack. In fact, I’m on record today saying we’ll see the largest cyberattack in HISTORY within the next six months.” (McBride, 2020). Those cyber-attacks may soon be added to eight types of already known physical disaster-relief fraud schemes, as mentioned by Stratton (2018).
Based upon past disaster frauds and research, we may predict that the division made by Aguirre and Lane (2019) into two types of disaster fraud may apply to the coronavirus pandemic as well: present low-cost frauds and scams, and future costlier, long-term and more sophisticated crimes, which may include fake donation campaigns for aid and relief, advertising campaigns for an alleged product purporting to identify or even cure the coronavirus, as well as insurance and commercial fraud.
Future research may indicate how the coronavirus will be used for diverse malicious activities in various sectors and countries over the next months and examine several coronavirus-related phenomena such as diversity in cyber-attacks according to the gender of the victims (PTI, 2020; Coble, 2020). Over the years, authorities and academic research have worked to raise the awareness of victims, donors and the general public alike of disaster fraud (Cavanagh, n.d.; Iowa Department of Justice, 2007), including through educational games for avoiding online scams (Baslyman & Chiasson, 2016). Future research may also analyze the activities of the authorities around the globe to confront such online malicious activities, especially raising the awareness of Internet users of such cyber-attacks and cybercrimes and empowering them in areas related to cyber risks, so that they are able to confront such malicious activities and try to minimize those cyber threats.
1. Abrams, L. 2020. “Over 500,000 Zoom accounts sold on hacker forums, the dark web.” BleepingComputer. [source, accessed 13th April 2020].
2. Abrams, L. 2020. “Ryuk Ransomware Keeps Targeting Hospitals During the Pandemic.” BleepingComputer. 26 March. [source, accessed 26th March 2020].
3. Addison, K. 2020. “Threat Intelligence Briefing: Surging Spam And Impersonation Attacks Drive Increasing Coronavirus Cyber Threats.” Mimecast. 16 April. [source, accessed 16th April 2020].
4. Aguirre, B.E., and Lane, D. 2019. “Fraud in disaster: Rethinking the phases.” International Journal of Disaster Risk Reduction 39. doi.
5. Associated Press. 2020. “Criminals Quick to Exploit COVID-19 Crisis in Europe.” Associated Press. 30 April. Source.
6. Australian Government. 2015. Watch out for scam messages asking for donations to Nepal earthquake relief. [source, accessed 4th May 2020].
7. Baslyman, M., and Chiasson, S. 2016. “‘Smells Phishy?’: An educational game about online phishing scams.” 2016 APWG Symposium on Electronic Crime Research (eCrime) (IEEE). doi:10.1109/ECRIME.2016.7487946.
8. Brewster, T. 2020a. “An ‘Unprecedented’ Wave Of Coronavirus Scams Is Coming, U.S. Attorney Warns.” Forbes. [source, accessed 18th March 2020].
9. Brewster, T. 2020b. “Coronavirus Scam Alert: COVID-19 Map Malware Can Spy On You Through Your Android Microphone And Camera.” Forbes. [source, accessed 18th March 2020].
10. Brown, Z. 2020. KDHE says scam texts about coronavirus are being sent to Kansans. [source, accessed 12th March 2020].
11. Canter, L. 2020. “Coronavirus: Half of remote workers 'victims of cybercrime'.” [source, accessed 29th April 2020].
12. Cavanagh, J. n.d. “Preventing Fraud Following a Disaster.” The Texas A&M University System. [source].
13. Chopra, M. 2020. “The coronavirus requires a new way to fight laundering.” Payments Source. [source, accessed 30th April 2020].
14. CISA. 2017. “Potential Hurricane Harvey Phishing Scams.” National Cyber Awareness System. [source, accessed 28th August 2020].
15. Coble, S. 2020. “More Men than Women Fall Victim to Cybercrime.” Infosecurity. [source, accessed 6th May 2020].
16. Dent, St. 2020. “COVID-19 scammers may have stolen millions from the German government.” Engadget. [source, accessed 20th April 2020].
17. Desai, D. 2020. “30,000 Percent Increase in COVID-19-Themed Attacks.” Zscaler. [source, accessed 23rd April 2020].
18. Desai, S. 2020. “CovidLock: Android Ransomware Walkthrough and Unlocking Routine.” Zscaler. [source, accessed 16th March 2020].
19. E Hacking News. 2020. “Russians began to click on scam sites 10 times more often.” E-Hacking News. [source, accessed 10th May 2020].
20. Elsworthy, E. 2020. “Hundreds of bushfire donation scams circulating — how to tell if you've been duped.” ABC News. [source, accessed 6th February 2020].
21. EUROPOL. 2020. “Rise of Fake 'Corona Cures' Revealed in Global Counterfeit Medicine Operation.” EUROPOL. [source, accessed 21st March 2020].
22. FBI. 2020. “FBI SEES RISE IN FRAUD SCHEMES RELATED TO THE CORONAVIRUS (COVID-19) PANDEMIC.” [source, accessed 20th March 2020].
23. Goodman, J. 2020. “Coronavirus: The fake Bill Gates post and other claims to ignore.” BBC. [source, accessed 28th March 2020].
24. Goodwin, B. 2020. “Cyber gangsters hit UK medical firm poised for work on coronavirus with Maze ransomware attack.” Computer Weekly. [source, accessed 22nd March 2020].
25. Grierson, J. and Devlin, H. 2020. “Hostile states trying to steal coronavirus research, says UK agency.” The Guardian. [source, accessed 3rd May 2020].
26. Gruzd, A., and Mai, P. 2020. “Conspiracy theorists are falsely claiming that the coronavirus pandemic is an elaborate hoax.” The Conversation. [source, accessed 23rd April 2020].
27. Henderson Gruenwald, J. 2020. “FTC Data Shows Jump in Coronavirus-related Complaints from Consumers.” Federal Trade Commission. [source, accessed 31st March 2020].
28. Huntley, S. 2020. “Findings on COVID-19 and online security threats.” Google Threat Analysis Group. [source, accessed 22nd April 2020].
29. Iowa Department of Justice. 2007. “Donation Scams in the Wake of a Storm or Disaster.” Office of Attorney General, Iowa Department of Justice. [source].
30. Kellermann, T. and Murphy, R. 2020. Modern Bank Heists 3.0. VMware. [source].
31. Khandelwal, S. 2014. "BEWARE of new Facebook Malware Claims, 'Malaysia Plane MH370 Has Been Spotted'." The Hacker News. [source, accessed 14th March 2020].
32. Klebnikov, S. 2020. “Gilead Sciences Targeted By Hackers Linked To Iran: Report.” Forbes. [source, accessed 8th May 2020].
33. Kratcoski, P. C. 2018. “Fraud and Corruption in Times of Disaster.” Fraud and Corruption (Springer, Cham) 139-157. doi.
34. Krebs, B. 2020. “Live Coronavirus Map Used to Spread Malware.” Krebs on Security. [source, accessed 12th March 2020].
35. Kumaran, N. and Lugani, S. 2020. “Protecting businesses against cyber threats during COVID-19 and beyond.” Google Cloud. [source, accessed 16th April 2020].
36. McBride, St. 2020. “Why The Largest Cyberattack In History Could Happen Within Six Months.” Forbes. [source, accessed 14th May 2020].
37. Mercer, W., Rascagneres, P., and Ventura, V. 2020. “PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors.” Talos. [source, accessed 16th April 2020].
38. Miller, M. 2020. “FBI sees spike in cyber crime reports during coronavirus pandemic.” The Hill. [source, accessed 16th April 2020].
39. Monroe, B. 2020. “Regional Report – Europe: Fraud, cybercrime, surging now, AML must later look for launderers hiding in economic recovery, volatility.” Association of Certified Financial Crime Specialists. [source, accessed 1st May 2020].
40. Morrison, S. 2020. Coronavirus email scams are trying to cash in on your fear. [source, accessed 5th March 2020].
41. Nichols, S. 2020. Fresh virus misery for Illinois: Public health agency taken down by... web ransomware. Great timing, scumbags. [source, accessed 12th March 2020].
42. Osborne, H. 2010. “Haiti donors warned against scam emails.” The Guardian. [source, accessed 18th January 2020].
43. Osborne, S. 2020. “Iran and Russia launch cyber attacks on universities desperately searching for COVID cure.” Express. [source, accessed 3rd May 2020].
44. Paganini, P. 2020a. “Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware.” Security Affairs. [source, accessed 14th April 2020].
45. Paganini, P. 2020b. One of the major COVID-19 testing laboratories in Czech hit by cyberattack. [source, accessed 14th March 2020].
46. Palli Chigilli, I. 2020. “More Phishing Campaigns Tied to Coronavirus Fears.” GovInfoSecurity. [source, accessed 11th February 2020].
47. Pompeo, M. R. 2020. “The United States Concerned by Threat of Cyber Attack Against the Czech Republic’s Healthcare Sector.” U.S. Department of State. [source, accessed 17th April 2020].
48. PTI. 2020. “Amidst COVID-19 lockdown ‘significant’ increase in cyber crimes against women: Experts.” The Statesman. [source, accessed 3rd May 2020].
49. Satter, R., Stubbs, J., and Bing, Ch. 2020. “Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike.” Reuters. [source, accessed 23rd March 2020].
50. SentryBay. 2020. “Security Expert Predicts At Least 30-40% Increase in Cyber-attacks During Coronavirus.” SentryBay. [source, accessed 19th March 2020].
51. Shi, F. 2020. “Surge in security concerns due to remote working during COVID-19 crisis.” Barracuda. [source, accessed 6th May 2020].
52. Slagell, A. 2009. “Fear, Uncertainty and Doubt: The Pillars of Justification for Cyber Security.” [source].
53. Stratton, S. J. 2018. “Disaster-Relief Fraud: A Dark Side of Disasters.” (Cambridge University Press) 33 (1). doi.
54. TelanganaToday. 2020. “Cyber criminals exploiting Covid-19 outbreak to hack Indian data.” Telangana Today. [source, accessed 29th April 2020].
55. Tidy, J. 2020. “Coronavirus: How hackers are preying on fears of Covid-19.” BBC. [source, accessed 13th March 2020].
56. Verdict. 2020. “Healthcare cyber attacks increasing during Covid-19 pandemic.” Verdict. [source, accessed 29th April 2020].
57. Verint. 2020. “Changes in the Threat Landscape Under the Global Influence of COVID-19.” [source].
58. Wakefield, J. 2020. “Coronavirus: Health leaders' credentials dumped online.” BBC. [source, accessed 22nd April 2020].
59. Waqas. 2020. “Researchers detected 400 million malware infections in April 2020.” HackRead. [source, accessed 10th May 2020].
60. Wei, W. 2020. Beware of 'Coronavirus Maps' – It's a malware infecting PCs to steal passwords. [source, accessed 11th March 2020].
[1] (Brewster, 2020a)