Cyber Crime in a covid19 Pandemic
Criminals have used the COVID-19 crisis to carry out social engineering attacks themed around the pandemic to distribute various malware packages. Cybercriminals are also likely to seek to exploit an increasing number of attack vectors as a greater number of employers institute telework and allow connections to their organisations’ systems.
In cyberspace, dependence creates vulnerability, and malicious attempts to exploit this sudden, unplanned societal shift online have proliferated. Law enforcement officials report that criminals are, among other things, selling fake COVID-19 cures online, posing as intergovernmental or governmental health organizations in phishing emails, and inserting malware into online resources tracking the pandemic. This COVID-19-related spike underscores that policy efforts to “flatten the curve” on cybercrime have not succeeded.COVID-19 is a crisis that, as my CFR colleague Robert Knake identified, highlights once more the cybersecurity vulnerabilities in health care, a significant private-sector activity and prominent component of critical infrastructure. Word that cybercriminals would suspend attacks against health care institutions during the COVID-19 pandemic provides cold comfort. Being at the mercy of “honor among thieves” simply deepens awareness that this part of U.S. critical infrastructure is cyber insecure at an unprecedented and dire moment in the life of the nation.
Therefore, RiskIQ’s team of trained intelligence analysts began compiling disparate data and intelligence related to COVID-19 into comprehensive daily reports. Each report combines major updates around COVID-19 and its impacts on cities, neighborhoods, schools, and businesses as well as essential cybercrime data that helps raise the situational awareness of both physical and cybersecurity teams. This intelligence will help inform the decisions of security teams, who face new requirements during these unprecedented times. Here, RiskIQ strives to provide the security community with a single source of factual reporting and informed analysis to help the security community discover unknowns about their environment and investigate threats.
Full RiskIQ i3 Daily Report – 4/15