During the global COVID-19 pandemic, sophisticated cyber criminals have also adopted the work from home model, leading to a significant increase in the number of attacks against organizations worldwide.
Although lockdowns have now become a regular part of our lives, we’re all still eagerly waiting to return to our regular routines. Thanks to the vaccine, this may happen sooner rather than later. Meanwhile, however, countless people worldwide have seen their livelihoods and sources of income shrink or even evaporate as a result of lockdowns and quarantines. Even law-abiding citizens have been forced to work under the table in creative ways to supplement their income.
Yet, it wasn’t only ordinary people who were harmed. Let’s not forget about criminals. Think about what happened during the lockdowns. Stories of criminals breaking into homes or stealing cars have almost completely disappeared. Since most people are stuck at home all day, it has become pretty difficult to surreptitiously sneak into a stranger’s home. Stealing a car is no easier. Roads are empty and there are police checkpoints on major highways and junction points. It’s easy to locate a stolen vehicle on a deserted road.
Hence, even criminals have been forced to sit at home doing nothing. Their income is impacted and they too have debts and children to support.
We’ve already noticed that whenever lockdowns are slightly eased, crimes rates jump immediately. The expectation is that crime will increase as we are able to better manage the coronavirus medically. Criminals must recoup lost income.
A Cyber Crime “Career Change”
In the meantime, until it’s possible to return to our normal routine, criminals have already found a new source of income: cyber crime. In other words, criminals have also moved to work from home remotely. These days it’s become nearly impossible to target an elderly woman on the street and steal her purse. However, it is possible to steal someone’s wallet through the computer, without ever leaving home.
According to their level of sophistication, any criminal can steal information to sell it. They are also capable of threatening to disrupt activity in exchange for bribes, or to exchange inside information or trade secrets. Many criminals who operated in the “physical world” before the COVID-19 pandemic have since undergone a career change and pivoted to the “virtual world” of cyber crime without much difficulty. In fact, it’s not necessary to be a super-sophisticated cyber hacker or a computer expert. You don’t even need to know how to operate software.
It’s possible to purchase “attack services” from hacker networks to carry out cyber attacks for financial gain. These networks are groups of hackers who build attack tools and sell them on the Dark Net. It’s possible to buy attack tools and learn how to use them independently. You can even contract the full services of the these networks so that their criminal personnel will execute the attack. There’s an entire market of hackers for rent. Any criminal organization with some money can purchase these tools and contract hackers and hacking services. This is an income source that easily covers other lost sources.
More Cyber Attacks – Both Against Organizations and Individuals
It is expected that insurance companies and banks will become more attractive targets. This type of breach allows criminals to gain access to people’s personally identifiable information (PII) and use it to commit financial crimes. It’s not just stealing credit card information – customers’ insurance portfolios include PII. This allows criminals to call a bank and identify themselves as someone else. Through this information, criminals may also apply for loans on the behalf of others, deduct childcare benefits, etc. In 2021, the largest entities in the economy find themselves in real cyber danger. A further step in the escalation of cyber attacks will include attacks on critical infrastructure, not solely for terrorist aims, but also to steal money and assets.
Furthermore, private individuals are affected as well, as attacks on them are likely to become more sophisticated. We have already met average citizens who have received text messages claiming to be from their credit card companies. These messages informed the individuals that the company traced more than 20 unusual transactions on their cards, and that if they did not authorize these transactions, then they should call a specific number. People receiving messages like these often genuinely believe that they are from their credit card company. Hence, feeling nervous, they call the number and identify themselves via their credit card details. And that’s it – all their valuable information is stolen at that moment. Most people are relatively naive and have difficulty recognizing such attacks.
In the wake of the global COVID-19 pandemic, criminal organizations will become more involved in cyber crime and will target major entities in the economy as well as critical infrastructures. However, smaller criminal bodies or independently acting criminals will target private individuals, as well as small and medium-sized companies, with increasingly sophisticated attacks.
Countries around the globe have to deal with this problem. At the level of the private citizen, the state must make sure to promote awareness and provide appropriate responses to the impacted populations. If people are blackmailed by email or text messages, they must be able to speak with and seek advice from reputable sources. Even if they have fallen into the trap and already have had information or money stolen, they must have somewhere to turn to find a solution. The obvious solution is for each country to have a national cyber directorate. If just a few people are robbed of $2000 because of a cyber scam it may not be a big deal. However, if 300,000 people are robbed of $2000, this causes tremendous economic damage and poses a national risk. Hence, such an institution is necessary for public calm and a general sense of security.
At the level of large organizations and critical infrastructure, national institutions and regulators must understand that these threats have become very real and require significant financial investments. Furthermore, attack tools are becoming very sophisticated, and sometimes are even at the level of state-sponsored intelligence organizations. Hence, we must properly defend and prepare ourselves against these savvy adversaries.