On August 4, the International Criminal Police Organization (INTERPOL) announced the results of its report of the impact of the COVID-19 pandemic on cybercrime. The report found that cybercriminals – in the words of INTERPOL Secretary General Jürgen Stock – “are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19.”
Key findings in the INTERPOL report included the following:
- Volume of COVID-19 Cybercrime Activity: One of INTERPOL’s private-sector partners found that in just one four-month period, from January to April 2020, it detected approximately 907,000 spam messages, 737 incidents related to malware, and 48,000 malicious URLs, all related to COVID-19.
- Online Scams and Phishing: The report showed that threat actors had revised their usual online scams and phishing schemes. Approximately two-thirds of INTERPOL-member countries that responded to INTERPOL’s global cybercrime survey “reported a significant use of COVID-19 themes for phishing and online fraud since the outbreak.” Cybercriminals have been able to influence victims into providing their personal data and downloading malicious content “[b]y deploying COVID-19 themed phishing emails, often impersonating government and health authorities.”
- Disruptive Malware (Ransomware and Distributed Denial of Service Attacks): Tyhe report commented that cybercriminals “are increasingly using disruptive malware against critical infrastructure and healthcare institutions, due to the potential for high impact and financial benefit.” It observed that in the first two weeks of April 2020, there was a spike in ransomware attacks by multiple threat groups which had been relatively dormant for the past few months.” It also found a noteworthy refinement in ransomware attacks: that “the majority of attackers estimated quite accurately the maximum amount of ransom they could demand from targeted organizations.”
- Data Harvesting Malware: The report saw an increased deployment “of data harvesting malware such as Remote Access Trojan, info stealers, spyware and banking Trojans by cybercriminals,” using COVID-19 related information to infiltrate systems.
- Malicious Domains: The report also identified “a significant increase of cybercriminals registering domain names containing keywords, such as ‘coronavirus’ or ‘COVID” to take advantage “of the increased demand for medical supplies and information on COVID-19.”, there has been. An INTERPOL private-sector partner received reports indicating that from February to March 2020, there has been a 569 per cent growth in malicious registrations, including malware and phishing, and a 788 per cent growth in high-risk registrations.
- Misinformation: The report stated that an “increasing amount of misinformation and fake news is spreading rapidly among the public. Unverified information, inadequately understood threats, and conspiracy theories have contributed to anxiety in communities and in some cases facilitated the execution of cyberattacks.” The INTERPOL global survey revealed that nearly 30 per cent of responding countries “confirmed the circulation of false information related to COVID-19. Within a one-month period, one country reported 290 postings with the majority containing concealed malware.” The report also mentioned “reports of misinformation being linked to the illegal trade of fraudulent medical commodities” and “scams via mobile text-messages containing ‘too good to be true’ offers such as free food, special benefits, or large discounts in supermarkets.”
The report also identified four future areas of concern:
- Further Cybercrime Increase: A further increase in cybercrime “is highly likely in the near future,” as cybercriminals seek to exploit vulnerabilities “related to working from home and the potential for increased financial benefit.”
- Use of COVID-19 Themes: Threat actors “are likely to continue proliferating coronavirus-themed online scams and phishing campaigns to leverage public concern about the pandemic.”
- Business Email Compromise (BEC) Schemes: BEC schemes “will also likely surge due to the economic downturn and shift in the business landscape, generating new opportunities for criminal activities.”
- Availability of COVID Vaccine: “When a COVID-19 vaccination is available, it is highly probable that there will be another spike in phishing related to these medical products as well as network intrusion and cyberattacks to steal data.”
Note: Although there has been extensive reporting with regard to the exploitation of COVID-19 for various types of cyberattacks, the report provides significant data to document how great the explosion of such cyberattacks has been during 2020. Information-security and corporate-compliance officers in public- and private-sector entities should provide excerpts of the report’s key findings to senior executives in their organizations, and incorporate selected information into in-house information-security trainings and briefings.