Date: 2020-07-16

It would be fitting with the current apocalyptic narrative to designate this as a new low set by cybercriminals. However, the sad reality is that criminals generally, and cybercriminals specifically, operate best when people are afraid. Fear works to chip away at an individual’s critical faculties, driving them towards scams which in ordinary circumstances they would never fall victim to. Below, you’ll see a few examples of cybercriminals working to prove that crises, major news and other geopolitical events have the capacity to bring out the best in humanity but also, sadly, the worst.

In today’s uncharted waters, it’s fair to say there are many industries which are struggling. With hotels and restaurants around the globe forced to close indefinitely and businesses fighting against a global economic downturn from Covid-19, the first few months of 2020 have been marked not just by the biggest public health crisis since the First World War, but by the most sustained period of economic uncertainty since the 2008 financial crisis.

However, there is one black market industry which is not just surviving but thriving. In times of global panic, geopolitical uncertainty and general chaos, cybercriminals find new and inventive ways to scam the general public when they are at their most vulnerable.

This is something we’ve seen first-hand in recent months. As Coronavirus spread across the globe, disrupting national life on almost every continent and leading to the lockdown of 25 per cent of the world’s population, cybercriminals decided to rub salt in humanity’s collective wounds by hiding a piece of ransomware, christened CovidLock by the DomainTools Security Research Team, in an app purporting to track the spread of the virus.

Hackers have also stooped so low as to attack the organisation most readily charged with keeping the public safe during this unprecedented public health crisis, with the DarkHotelAPT group attacking the World Health Organisation, possibly looking for information on vaccination developments.

Australian bushfires and BEC fraud

According to the Scamwatch website, set up by the Australian government to track consumer-facing scams, many phishing campaigns impersonating or falsifying charities hoping to aid those affected by the bushfires were launched as the country was fighting to protect its people and its wildlife. In addition to these, BEC scams approaching high-ranking individuals at Australian corporations who may have decided to help in the effort became extremely common.

The Australian bushfires may seem like a distant memory now, but the natural disaster that ravaged Australia from June 2019 through the rest of the year, covering an area the size of Belgium in flames, resulted in a wave of scams capitalising on people’s understandable horror at the unfolding crisis.

International aid and mobile scams

It’s not just global instability that cybercriminals can exploit. There have been examples of criminals targeting the organisations responsible for alleviating the stresses of these kinds of events. For example, in October of last year, researchers from Lookout discovered a sustained campaign of mobile phishing efforts, targeting some of the most important international and humanitarian organisations on the planet, including Unicef, the Red Cross and the UN. Mobile phishing campaigns have grown in popularity in recent years, as mobile browsers unintentionally mask phishing pages by altering the visible URLs.

Hurricanes and profiteering

The previous year, in fact, cybercriminals had taken advantage of Hurricane Michael to steal credit card numbers by leveraging the blob storage on Microsoft Azure and malicious PDF email attachments. The phishing campaigns that were circulating purported to be charities and organisations assisting the victims of the hurricane, socially engineered to create a sense of urgency in the kind-hearted donors wishing to contribute to the recovery of the affected areas.

Disaster profiteering is not a new phenomenon. From contractors pocketing millions in deals to low-level criminals breaking into the dishevelled properties to steal whatever is of value, calamities bring out people’s vulnerable side that someone is always ready to exploit, even cybercriminals.

In May 2019, the US Cybersecurity and Infrastructure Security Agency (CISA) released a warning to hurricane victims and potential donors to alert them of malicious cyber-activity targeting them ahead of the hurricane season.

The World Cup and phishing scams

One such example of this is the 2018 World Cup, which saw a significant rise in phishing scams targeting football fans all over the world. Interestingly, these scams seemed not to offer free tickets (which perhaps consumers have realised are too good to be true), but instead offered World Cup schedule and scoresheet spreadsheets, which unleashed malware on unsuspecting fans’ devices.

It is worth bearing in mind that cybercrime does not feed exclusively on bad news. Sometimes it is just large global events that provide hackers and scammers with the opportunities they need to target the general public.

The good news: Security pros are fighting back

It would be safe to say that the cybersecurity community has been working twice as hard since day one of the coronavirus pandemic. Conscious that threat actors would attempt to exploit the crisis, they responded by pulling together and joining their forces, as determined as ever to stop them.

Fortunately, while cybercriminals join their forces to profit from geopolitical events, good and bad, cybersecurity professionals are working non-stop to prevent their success.

The Coronavirus outbreak may have brought out the worst in threat actors and hacking groups, but it also spurred a collaboration between security professionals and vendors. Many, in fact, have joined forces to fight back against the wave of Covid-19 themed scams to protect the public from misinformation and from online frauds preying on the public’s weaknesses in this difficult moment in history.

One such initiative is CV19 (Cybersecurity Volunteers 19), a non-profit group of information security professionals that counts over 3,000 volunteers, which is working to show healthcare organisations that the cybersecurity community has their back.

Individual vendors also took it upon themselves to make intelligence available to the public for free. DomainTools collated a list of Covid-19 themed malicious domains that could be used to spread disinformation and to launch phishing campaigns, and made it freely accessible on its website. Others, like the cybersecurity training vendor KnowBe4, are now offering a home course for internet security, useful to organisations that had to suddenly shift to remote working.

Conclusion: Vigilance is key

The examples outlined above are evidence of one thing: Cybercriminals do not exist in a vacuum. They will use the news to their advantage, whatever that news is and however unscrupulous a form this takes. This, when combined with the potential effects of social engineering (researching an individual’s job, interests or hobbies, for example), can make for extremely well targeted campaigns, playing on either individual or collective fears or interests of the populace. The only way for consumers to stay safe in this scenario is to assume the worst: Make sure any communication you receive is legitimate, whether in a personal or professional capacity, and exercise caution always. For security researchers, however, the message to cybercriminals is this: We see you, and we’ll carry on working to stop you.

Tarik Saleh, senior security engineer, DomainTools