COVID Concerns — Borders and Online Vulnerabilities
Physical distancing measures and country border closures have forced societies to adjust to a new and quickly changing normal. For the most part, physical distancing has meant that our lives have moved more and more online, as we both work and socialize through digital means.
Moving Online — Cybercrime
This increased virtual presence means an increased vulnerability to cybercrime. Multiple authorities have already issued warnings, including the WHO and the European Banking Authority. Government bodies like the European Union Agency For Cybersecurity have responded to the threat by offering easily digestible day-to-day tips for protection — providing best practices for online shopping, teleworking and ehealth. Since employees working from home are likely to take greater risks and inadvertently expose corporate IT to cybercriminals, promoting cyber safety is paramount.
Companies have been hurried into remote work processes and are feeling the pressure to quickly adopt and promote proper cyber hygiene. The rush to remote working and its enormous influx have already exposed some privacy concerns for digital infrastructure that companies rely on. This was exemplified by the collaboration platform Zoom, which came under pressure last month for its lax security.
Risks associated with new working-from-home environments were addressed in the April 2020 joint report authored by the national cybersecurity agencies of the United States and United Kingdom. The report warned that in addition to targeting Microsoft Teams and Zoom, malicious cyber actors are hijacking teleconferences and online classrooms, as well as exploiting VPNs and other remote working tools and software.
Phishing, vishing and smishing
Since the pandemic there has been an explosion in phishing scams, with perpetrators sometimes posing as the WHO and the CDC. A phishing scam is an attempt to steal personal information, known as smishing in the case of SMS and vishing in the case of a phone call. Usually disguised in an email, it prompts individuals to click a link or download an attachment. The sender poses as a trusted entity, which makes the WHO and CDC ideal candidates for impersonation. Phishing is the oldest type of cyberattack, having origins in the 1990s. It is however, becoming increasingly sophisticated.
One investigation from last month by Vox explains how the WHO was made especially vulnerable due to the absence of a DMARC policy, which allowed scammers to send emails from their real domain name: who.int. DMARC is an authentication protocol which can prevent email spoofing, but is cumbersome to configure and may prevent legitimate emails from getting through if not set up correctly. The WHO has since published a DMARC record.
These scams can be convincing and are often clever. They prey on psychological mechanisms carefully crafted to push readers’ emotional buttons. Some even target individuals who lost their jobs due to COVD-19, masquerading as welfare providers. The scale of online scams is also enormous. Google announced they were blocking 18 million coronavirus scam emails every day.
On a grander scale ...
Evident from the ransomware attack on the University Hospital of Brno in March, cybercrime also has the potential to disrupt large scale operations. Ransomware is ‘a type of malware that prevents users from accessing their system or personal files and demands ransom payment in order to regain access’. While the attack was dealt with swiftly, the institution still suffered major disruption that included the cancellation of surgeries and the shut down of IT systems.
The University Hospital Brno is the Czech Republic’s second largest hospital and is a COVID-19 testing and treatment location. Health care facilities in the United States and Spain have also been targeted by ransomware attacks.
Europol warns that institutions like hospitals, governments and universities are more motivated to pay the ransom demanded from cybercrimes because they are especially apprehensive to lose access to their digital systems. To exploit the situation, criminals are increasing the speed and number of ransomware attacks, recruiting collaborators to help them maximise their impact, and offering ransomware-as-a-service on the dark web.
What about offline?
While criminals take advantage of the unstable atmosphere, it has also left certain practices more susceptible to exposure. Border restrictions and closures have resulted in a reduction of physical traffic, meaning ports and airports have seen a significant reduction in traditional cash-courier money laundering and supply chains for narcotics are more easily scrutinized. At the UK Border, for example, a 14 kg cocaine haul resulted in the seizure of 15 packages of the illicit substance, hidden in face masks. This has disrupted the supply of drugs and made street prices more expensive in some jurisdictions.
Drug deals are also more conspicuous on emptier city streets prompting criminals to conduct business online. These criminals, in an effort to make up for lost revenue, are also lacing their products with cutting agents and turning to phishing scams.
What can we do now?
Learned from past experience, including the 2008 financial crisis, criminals will find a way to adapt to new conditions and profit, inevitably ensuring the continued flow of illicit finance. The Financial Action Task Force published a report last week addressing anti-money laundering and counter terrorist financing in the time of COVD-19, including potential responses for consideration. One assumption we can make is that the enormous shift to online is bringing awareness to the importance of cybersecurity, which is also backed by Brussel’s announcement of a new anti-money laundering authority to help address these concerns.
While we leave officials to deal with the cybersecurity conundrum on a larger scale, at the personal level we can at least practice cyber hygiene in this heightened environment of online scams and financial crimes.
For some tips on cyber hygiene you can visit the following resources: