Coronavirus and the increase of online crime
Defence & Security

Coronavirus and the increase of online crime

By Alessandra Giada Dibenedetto
04.13.2020

The outbreak of the new coronavirus pandemic in Italy and in the world and the consequent forced isolation measures imposed on the population as a mitigation measure against contagion have led to a clear change in the modus operandi of criminal networks, which often are among the most adaptive and operationally flexible organizations in the global economic, political and social context.

In fact, the obligation to stay home and the increase in the presence of Police on the streets have diminished or, in any case, made the possibility of theft in homes, pickpockets and face-to-face drug dealing more complex. However, the crisis in traditional operating methods has been accompanied by the parallel growth of forms of online criminal activity.

In fact, according to a report recently published by Europol, the growing number of people confined home and forced to smart working through their local internet network (often not adequately protected) has exponentially increased the opportunities for hackers to perpetrate a cyber attack in order to steal sensitive personal and business data. In addition, there has been an increase in dark web activity, the proliferation of authentic phishing campaigns and a wider spread of malwares.

In the current contingency, the chances of perpetrating a cyber attack have exponentially increased. Indeed, there is a growing number of people working from home, as well as numerous home banking operations that are carried out these days (transactions that are preferred to going to the bank in person) and online purchases that have surged given the closure of most commercial activities. Therefore, the number of cyber attacks aimed at stealing credit card and bank account information is increasing, putting the security of online financial transitions in Europe increasingly at risk. In fact, a few days ago a phishing attack was perpetrated against the users of two Italian banking institutions, Intesa San Paolo and Monte dei Paschi. In detail, the hackers sent fake emails (which imitated in the form the messages of the legitimate suppliers), which contained false information and an urgent communication on the health emergency. The goal was to steal sensitive information and, above all, bank data through a possible response to the email from the victim or by simply opening the attachments. A similar attack struck numerous countries around the world in late March by sending an e-mail with as fake sender the World Health Organization. In this phishing campaign, the e-mail message dealt with the misinformation inherent to the coronavirus and invited to open the attachments to view recommendations in this regard. However, the attachments contained viruses designed to steal credentials, passwords and other personal data on the computer.

Furthermore, another type of online criminal activity that seems to continue to thrive with COVID-19 is that of ‘ransomware’, that is taking as hostage some files present on a computer (through their encryption and the impossibility of making them accessible to the user) and the request a ransom, generally in bitcoin or other cryptocurrencies. In the last few days, as reported by the Europol report, the intensification of the crisis due to COVID-19 has widened the business of hackers who have started to recruit new manpower to maximize the volume of their attacks and the consequent revenues. In addition, cybercriminals have also reduced the average duration of their attacks, that is, from the hostage taking to the ransom demand, in order to speed up the process and engage in more illegal activities. Lastly, the victims could not only be ordinary citizens, but also larger organizations such as universities, companies and government agencies that have expanded the use of the network remotely in order to continue operating, despite the pandemic.

A further and perhaps even more dangerous type of cyber attack that has been perpetrated several times in these days of crisis is the so-called ‘distributed denial-of-service’, or the interruption of services. In summary, the attack can saturate the online network of a website or knock out a complex system (such as that of a hospital or a power plant) connected in the cloud. Again, a ransom may be requested to restart the services. A recent note issued by the FBI highlighted the growing risk for large industries, and in particular for the health sector, of being victims of cyber attacks of this type. Indeed, an Italian hospital at the centre of the fight against COVID-19, the Spallanzani in Rome, has been targeted by hackers. In particular, the structure was hit by several computer raids that were the subject of an extraordinary meeting of the institutional group of experts in charge of cyber ​​security. So, first of all hospitals, but also the banking and insurance structures are special supervised in these emergency days in Italy and in Europe to prevent the criminal actions of hackers from slowing down the national health system or affecting an economy already severely afflicted from the on-going crisis.

A question that is legitimate to ask in these cases is who is perpetrating cyber attacks. The main attention is on computer hackers, but very often it is not only about lone wolves who have voted their talent for crime, but also state actors or criminal or terrorist groups who pursue political purposes through hybrid war strategies. Even the Europol report does not neglect the possibility that some foreign governments may take advantage of the on-going crisis to target specific targets. According to a survey by EY, 26% of the cyber attacks of the recent weeks have been carried out by organized crime groups, while 21% come from cyber activists who are very often sponsored for geopolitical reasons. Now more than ever, therefore, the cyber threat is at its highest levels and it is necessary to activate all those prevention and reaction activities necessary to prevent similar attacks from seriously affecting a strategic infrastructure, a multinational company or a government agency.

A further online phenomenon that has found its maximum expression in the current period of crisis is browsing the dark web, that is the set of darknets of the World Wide Web, where it is possible to anonymously and illegally sell and buy goods and services. Given the shortage or surcharge of health-related goods on traditional online portals, the dark web teems with products such as disinfectants and masks at reduced prices, but of poor quality. In addition, you can also find bogus kits for the COVID-19 positivity test.

Finally, in the vast range of information that is daily provided to combat COVID-19, fake websites or advertisements specifically created to obtain profits or steal information are added. In the first case, given that the clicks on the advertisements related to COVID-19 have exponentially increased, the number of spam advertisements (and very often fake) online has also increased. In the world of digital marketing, every click corresponds to a profit. In the second case, there has been an increase in the number of sites that discuss coronavirus and that, however, very often contain a malware (or viruses), and therefore their opening can lead to an intrusion into your computer and theft of sensitive information. According to the most recent data, as of January 16 thousand new domains related to coronavirus have been registered, of which 20% were malevolent. For example, it is possible to find infected websites that contain fake maps on the spread of the epidemic.

In hindsight, COVID-19 is not the only threat these days. Growing online crime can be a highly destabilizing factor for the economy of a “country system” and also for its internal and foreign political stability. According to data revealed by EY, in the first two months of 2020 cyber attacks in the world have increased by 16% and only in January the ransomware against companies in the health sector doubled. As for Italy only, the EY survey reports that as many as 51% of Italian companies have suffered one or more major cyber attacks this year. Furthermore, as also highlighted by the Europol report, this trend seems to be growing steadily. Therefore, to combat the collateral challenges of the coronavirus, cyber attacks in the first place, citizens must raise their level of attention in order to avoid running into online scams and arm themselves with common sense when they surf the web. Companies, for their part, given the current smart working (which in reality could prove to be a useful solution also in the future), should devote themselves to security updates and the management of the devices used, as well as train and sensitize their employees on cyber security. Finally, in order to make Italy as resilient as possible to cyber attacks, it is necessary to develop digital networks and infrastructures that are secure in order to protect all the companies present on the national territory. Securing the Italian IT system, therefore, can become a new need in the current condition and also in a post-coronavirus scenario. In fact, unfortunately, the growing development of cybercrime can become even more dangerous than COVID-19 itself.

Related articles