COVID-19’s impact on cybercrime and cybercriminals

The COVID-19 pandemic has impacted businesses worldwide. Some companies have suffered sizeable financial loss due to an inability to operate under strict quarantine conditions. In contrast, some businesses have adapted and are thriving in the new environment. Many are searching for ways to maintain a profit despite the challenges that social distancing and reduced consumer spending brings.

Cybercrime is a business, albeit an illegal one. Successful cybercriminals operate their scams and attacks with organised processes that have been polished to maximise ill-gotten gains. It stands to reason that cybercrime and the way cybercriminals operate amid the global pandemic must also be impacted. Whether the current conditions favour an increase in cybercrime opportunities or by contrast, hinder its profitability, is a complicated question.

Challenges faced by Cybercriminals as a result of the COVID-19 pandemic

The COVID-19 pandemic and the resulting lock-downs seen internationally has interrupted supply chains globally. For example, “reshipping fraud” has not been immune to the delays and cost increases as a result of supply chain disruption.

Online retailers carefully manage their risk when shipping products to regions where credit card fraud is prolific. Our research suggests a vast underground “reshipping” market, in places such as North Africa, Russia and Eastern Europe. Criminals buy expensive products online using stolen credit card details and enlist “mules” to receive and relay the goods to embargoed areas. Mules may be willing or unwitting participants in these crimes, and it is a term used to describe anyone hired or used to enact part of the illegal process.

According to the report of one cyber intelligence company, many criminal reshipping services are struggling during COVID-19 as long FedEx or UPS shipping delays are causing their product to be rerouted to the original credit card holders address instead of to the mules.

Money Mules (people hired to help launder cybercrime proceeds) are also reportedly being hindered in their activities. Many are unable to withdraw funds due to not wanting to leave their homes and reshipping mules are unable to pick up goods directly from stores anymore due to widespread lock-downs.

Cybercriminals have also reported difficulties in executing social-engineering fraud. Bank support phone lines are overloaded. Along with legitimate customers, criminals are therefore struggling to get through to support desks to conduct account changes. It has also been predicted that the black-market price of stolen credit card data used to create physical counterfeit credit cards may fall due to physical store closures, making this endeavour no longer as profitable as what it once was.

Finally, according to Digital Shadows, the scale of the global crisis appears to have some cybercriminals rethinking their moral standpoints. Reportedly, this is making it harder for them to undertake scams without considering the resulting karmic consequences of profiting from their activities.

Opportunities granted Cybercriminals as a result of the COVID-19 pandemic

While an environment of physical distancing and business interruption presents challenges to cybercrime, there also appears to be opportunity. The quick move to remote working for large sections of the global population presents a significant new pond for criminals to conduct phishing scams and release malware.

Fear is a traditional social-engineering technique used by criminals, and COVID-19 health uncertainties present new ways to frighten potential victims into revealing more information than they might otherwise. As seen in recent news and alerts, COVID-19 tracing schemes and fraud are rife.

Unemployment caused by the predicted global economic recession is also an area where cybercriminals can find opportunities. For example, Intel 471  report that cybercriminals are looking forward to the glut of available and desperate possible mules that high unemployment levels will create.

Cybercriminals are also taking advantage of unemployment programs across the United States by filing unemployment claims in multiple states using information obtained via identity theft. Sadly as described by KrebsOnSecurity, much of the fraudulent PII used to obtain these benefits is from those on the front line of the pandemic such as first responders and government personnel.

Due to the current pandemic and scale of people in need, it is thought that many states have dramatically reduced the amount of information required to request an unemployment filing successfully. The result being that cybercriminals have seized the opportunity and the scale of this operation has led to warnings that false filings may cost the government hundreds of millions of dollars in losses.

Predictions for 2020 and beyond

It is clear that although cybercrime enterprises may be impacted and inconvenienced by COVID-19 restrictions, they are continuing to evolve and look for financial advantages in the crisis. While some criminal schemes may diminish due to a lack of profitability, such as credit card dumps, other types of fraud such as unemployment fraud are quickly rising to take their place.

The British government are already highlighting a surge in cyberattacks so far this year compared to previous years, and that may continue throughout 2020. Large scale unemployment may create a new pool of vulnerable people willing to accept offers of shady employment, and fear may drive ordinarily sensible individuals into taking bigger risks with their data.

In summary, the cybercriminals appear to be weathering the coronavirus storm.  Ongoing vigilance against cybercrime must remain high amongst New Zealand individuals and businesses.