How COVID-19 changed the security landscape

Matthew Heath | Principal Threat Intelligence Analyst, FIS

July 20, 2020

COVID-19 is among the most disruptive events in modern history. We’re all changing our behaviors in simple and profound ways as our routines adjust to new realities.

Criminals are no exception. COVID-19 created a great deal of chatter across the dark web, and some of the discussions contained unique surprises. Fraudsters see disruption as opportunity and that translates into threats that require awareness and strategic response.

COVID-19, fraud and the dark web

Dark web activity spiked dramatically in mid-March, specifically when U.S. municipalities announced stay-at-home orders. Increased chatter was directly related to COVID-19 as criminals were plotting how they could take advantage of this new landscape.

Heading into April, fraudulent activity started to shift as criminals began changing up operations. Overall fraud volumes were showing slight declines as brick-and-mortar businesses were closing, but as economic activity slowed to a crawl, fraudsters were finding success in shifting to eCommerce fraud. Many criminals found success turning to shipping schemes, as well as attacks against peer-to-peer services such as Venmo and Zelle.

Beyond the world of fraud, scams reigned supreme. If criminals weren’t sharing methodologies to attack eCommerce platforms, they were scheming about how to make money in other ways. Fraudsters are sharing phishing methods, along with strategies to attack insurance and unemployment claims. We also witnessed an increase in traditional black-market behavior, such as fake coronavirus tests or allegedly contaminated materials.

Interestingly, we do see a moral debate rising. Fraudsters are definitely taking advantage and utilizing a multi-pronged strategy to monetize COVID-19, but they are also just as concerned about health as any other consumer. Many have committed to staying away from profiting off the healthcare industry in case they need critical medical intervention at some point.

Latest cybersecurity trends and threats

The leading problem in cybersecurity globally is themed phishing attacks. Everyone cares and wants information about COVID-19, creating a global vulnerability. Criminals now have a global entry point for social engineering—a “fast lane” for phishing. Google reports that in the wake of COVID-19 they’re stopping an unprecedented 240 million spam emails and 18 million malicious emails per day related to the pandemic.

Ransomware is on the rise and needs to be front of mind for every cybersecurity team. Ransomware helps fraudsters turn phishing into profit quickly by encrypting your files, denying you access to your data and demanding payment for recovery. The latest twist to increase pressure is the threat of data exfiltration. Ransomware victims now face not only losing access to their data, but also having it fall into the hands of the highest bidder on the dark web.

Nation-state groups, financially motivated groups and other criminals are still conducting their usual campaigns, now simply under the cover of “COVID paint.” Espionage campaigns, POS malware and attacks on website payment pages (known as “e-skimming”) are all still happening at scale.

We’re also seeing an increase in banking trojans and info-stealers that capture usernames, passwords, account numbers as well as personally identifying data.

COVID-19 cybersecurity best practices

A comprehensive security awareness program is more critical now than ever. Security experts need to be in routine communication with key decision-makers within your organization about your risk profile.

Security experts should be socializing examples of malicious activity, such as bad emails and dangerous attachments, to help guard against social attacks. Further, it’s crucial to establish expectations for what valid communications look like during times of disruption. An employee should have a clear understanding of what “bad” looks like, while also knowing that a valid email will come from specific sources and will refrain from using things like attachments.

Lastly, ransomware defense is essential. Backups of systems and machines are crucial, and they should be stored in an isolated manner. Performing routine patches and security updates is also proving more critical than ever. Talk to your information security department to understand what defenses are in place.