On the coat­tails of COVID-19: cyber­crime as a chall­enge for com­pa­nies in the coro­na­vi­rus crisis

While busi­nesses are still con­ten­ding with the impact of recent mea­su­res to com­bat COVID-19, a recent press release from the Euro­pean law enforce­ment agen­cy Euro­pol demons­tra­tes once again how quick­ly and dra­sti­cal­ly cri­mi­nals can adapt. The cur­rent uncer­tain­ty among many citi­zens, and com­pa­nies as well, is acting as a cata­lyst, allo­wing per­pe­tra­tors to pro­fit big.

The­re has been a flood of cyber­at­tacks in recent weeks invol­ving COVID-19. The sca­le of the­se attacks is demons­tra­ted by a recent stu­dy from Check Point. Accor­ding to this stu­dy, web­sites with coronavirus-related domain names are about 50% more likely to have mali­cious con­tent than other domain names. Also wide­spread are phis­hing e‑mails, which pur­port to be from e.g. banks or health orga­niza­ti­ons and ask the reci­pi­ent to reve­al sen­si­ti­ve infor­ma­ti­on or install mal­wa­re. But per­pe­tra­tors are not con­tenting them­sel­ves with attacks which aim to defraud users. An exam­p­le of this approach is the pos­ting of a mani­pu­la­ted ver­si­on of Johns Hop­kins Uni­ver­si­ty­’s well-known COVID-19 inter­ac­ti­ve map in a Rus­si­an cyber­crime forum. This “coro­na­vi­rus infec­tion kit” fol­lows the crime-as-a-service model, and is desi­gned to fool users into instal­ling mal­wa­re which can ste­al their pass­words. Roun­ding out cyber­cri­mi­nals’ tool­box are mobi­le apps which cla­im to dis­play coro­na­vi­rus infec­tions in the user’s vici­ni­ty, but which real­ly con­tain mal­wa­re which encrypts the user’s cell pho­neDenial-of-service attacks, which tar­get com­pa­nies’ alre­a­dy over­loa­ded IT infra­struc­tu­re by bom­bar­ding their sys­tems with addi­tio­nal requests, gar­nis­hed with extor­ti­on demands, are also popu­lar among criminals.

But cyber­at­tacks are not the only thre­at which com­pa­nies need to guard against accor­ding to Euro­pol: cases of con­ven­tio­nal fraud are also rising. As an exam­p­le, Euro­pol cites a pay­ment of EUR 6.6 mil­li­on to a com­pa­ny in Sin­ga­po­re which was sup­po­sed to sup­p­ly dis­in­fec­tants and sur­gi­cal masks, but evi­dent­ly the goods were never ship­ped. This is a thre­at which should not be unde­re­sti­ma­ted, espe­ci­al­ly for com­pa­nies in the health care sec­tor, but also for tho­se which can’t sim­ply send their employees to work from home, and which the­r­e­fo­re requi­re pro­tec­ti­ve clot­hing. The same is true for cases of coun­ter­feit­ing, which are piling up right now, par­ti­cu­lar­ly for medi­cal goods. As an exam­p­le, Euro­pol cites its sup­port for Ope­ra­ti­on PANGEA, which resul­ted in the sei­zu­re of more than 34,000 coun­ter­feit sur­gi­cal masks world­wi­de bet­ween 3 and 10 March 2020. Cri­mi­nals are being crea­ti­ve in other are­as as well, such as by dis­gu­i­sing them­sel­ves as public health employees in order to gain ent­ry to homes and offices. Espe­ci­al­ly in light of the broad rest­ric­tions on social cont­acts and the asso­cia­ted trend of employees working from home, we are begin­ning to see an increase in a type of attack known as “CEO fraud,” in which cri­mi­nals place pho­ne calls clai­ming to be the CEO or depart­ment head and try to indu­ce their vic­tims to send them money.

In view of the­se num­e­rous thre­ats, it is abso­lut­e­ly cri­ti­cal for com­pa­nies to take the neces­sa­ry mea­su­res to avert such attacks, espe­ci­al­ly given the cur­rent situa­ti­on. To this end, com­pa­nies should careful­ly exami­ne their pro­ces­ses for vul­nerabi­li­ties to such attacks and take coun­ter­me­a­su­res. When sear­ching for weak spots, com­pa­nies should focus in par­ti­cu­lar on are­as whe­re uncer­tain­ties exist or whe­re work flows are unclear, e.g. becau­se employees are absent or working from home. Com­pa­nies should also update their con­tin­gen­cy plans so as to ensu­re that they will be able to respond quick­ly to attacks despi­te the cur­rent situa­ti­on. This is also important in view of the fact that it is curr­ent­ly unclear to what ext­ent report­ing and noti­fi­ca­ti­on requi­re­ments for data brea­ches have been sus­pen­ded. Given the high level of cri­mi­nal acti­vi­ty and the abili­ty of cri­mi­nals to quick­ly adapt to chan­ging cir­cum­s­tances, com­pa­nies should incre­asing­ly rely on experts to help them ana­ly­ze and mana­ge risks, espe­ci­al­ly in the cur­rent situation.


Stay up-to-date

We use your email address exclusively for sending our newsletter. You have the right to revoke your consent at any time with effect for the future. For further information, please refer to our privacy policy.