On the coattails of COVID-19: cybercrime as a challenge for companies in the coronavirus crisis

Stefan Hessel

While businesses are still contending with the impact of recent measures to combat COVID-19, a recent press release from the European law enforcement agency Europol demonstrates once again how quickly and drastically criminals can adapt. The current uncertainty among many citizens, and companies as well, is acting as a catalyst, allowing perpetrators to profit big.

There has been a flood of cyberattacks in recent weeks involving COVID-19. The scale of these attacks is demonstrated by a recent study from Check Point. According to this study, websites with coronavirus-related domain names are about 50% more likely to have malicious content than other domain names. Also widespread are phishing e-mails, which purport to be from e.g. banks or health organizations and ask the recipient to reveal sensitive information or install malware. But perpetrators are not contenting themselves with attacks which aim to defraud users. An example of this approach is the posting of a manipulated version of Johns Hopkins University's well-known COVID-19 interactive map in a Russian cybercrime forum. This "coronavirus infection kit" follows the crime-as-a-service model, and is designed to fool users into installing malware which can steal their passwords. Rounding out cybercriminals' toolbox are mobile apps which claim to display coronavirus infections in the user's vicinity, but which really contain malware which encrypts the user's cell phone. Denial-of-service attacks, which target companies' already overloaded IT infrastructure by bombarding their systems with additional requests, garnished with extortion demands, are also popular among criminals.

But cyberattacks are not the only threat which companies need to guard against according to Europol: cases of conventional fraud are also rising. As an example, Europol cites a payment of EUR 6.6 million to a company in Singapore which was supposed to supply disinfectants and surgical masks, but evidently the goods were never shipped. This is a threat which should not be underestimated, especially for companies in the health care sector, but also for those which can't simply send their employees to work from home, and which therefore require protective clothing. The same is true for cases of counterfeiting, which are piling up right now, particularly for medical goods. As an example, Europol cites its support for Operation PANGEA, which resulted in the seizure of more than 34,000 counterfeit surgical masks worldwide between 3 and 10 March 2020. Criminals are being creative in other areas as well, such as by disguising themselves as public health employees in order to gain entry to homes and offices. Especially in light of the broad restrictions on social contacts and the associated trend of employees working from home, we are beginning to see an increase in a type of attack known as "CEO fraud," in which criminals place phone calls claiming to be the CEO or department head and try to induce their victims to send them money.

In view of these numerous threats, it is absolutely critical for companies to take the necessary measures to avert such attacks, especially given the current situation. To this end, companies should carefully examine their processes for vulnerabilities to such attacks and take countermeasures. When searching for weak spots, companies should focus in particular on areas where uncertainties exist or where work flows are unclear, e.g. because employees are absent or working from home. Companies should also update their contingency plans so as to ensure that they will be able to respond quickly to attacks despite the current situation. This is also important in view of the fact that it is currently unclear to what extent reporting and notification requirements for data breaches have been suspended. Given the high level of criminal activity and the ability of criminals to quickly adapt to changing circumstances, companies should increasingly rely on experts to help them analyze and manage risks, especially in the current situation.

[March 20]