By now all countries around the world are badly affected by covid-19. Their citizens and organizations are obliged to avoid social contact (social distancing) to reduce the viral infection.
Each country is implanting its own response such as working from home as much as possible and closing most public establishments, which could impact the cybersecurity position of organizations. Working at home in mass has realized a level of cyber security concerns and challenges never faced before by industry and citizenry. It was the best opportunity to cybercriminals to expand upon their attacks, through traditional trickery which also prays on the heightened stress, anxiety and worry facing individuals. The general level of unpreparedness by software vendors was, also, revealed by the experience of working at home, particularly as far as the security of their products was concerned. The damage doesn’t stop there. In fact, the cyberattacks have also targeted the healthcare services, which is a critical infrastructure.
In response to this, on April 8th 2020, the United Kingdom’s National Cyber Security Centre (NCSC) and the United States Department of Homeland Security (DHS) Cyber security and Infrastructure Security Agency (CISA) published a joint advisory on how cyber-criminal and advanced persistent threat (APT) groups were exploiting the current COVID19 pandemic. This advisory discussed issues such as phishing, malware and communications platform (Zoom, Microsoft Teams) compromise. What is arguably lacking here and in research, however, is a broader assessment of the wide range of attacks related to the pandemic.
Governments, media, security organizations and incident teams reported attacks which make the current state of the art extremely dispersed. Therefore, organizations must develop appropriate protection and response measures given the dynamic environment. This is extremely challenging for them.
Shopping and social interactions to business, industry, and unfortunately, even crime have moved online with the broad adoption of digital technologies. The latest reports establish that cybercrime is growing in frequency and severity, with a prediction to reach $6 trillion by 2021 (up from $3 trillion in 2015) and even take on traditional crime in number and cost. Due to its lucrative nature and low risk level (as cyber-criminals can launch attacks from anywhere across the globe), it is clear that cybercrime is here to stay.
Cyber-crime, as traditional crime, is often described by the crime triangle, which specifies that for cybercrime to occur, three factors have to exist: a victim, a motive and an opportunity. The victim is the target of the attack, the motive is the aspect driving the criminal to commit the attack, and the opportunity is a chance for the crime to be committed (it can be an innate vulnerability in the system or an unprotected device). Other models in criminology, such as Routine Activity Theory (RAT) and the fraud triangle use similar factors to describe crimes, with some replacing the victim by the means of the attacker, which it can be considered otherwise as part of the opportunity.
While attacks today have become more sophisticated and targeted to specific victims depending on attacker’s motivation, for example for financial gain, espionage, coercion or revenge; opportunistic untargeted attacks are also very prevalent.