Cybercrimes are a constant threat as criminals seek to take advantage of online users. The COVID-19 pandemic is no exception. Cybercrimes are crimes involving the use of a computer, a computer system, the internet, or any sort of computer technology. The computer itself may be the target of the crime or the entire network it runs on might be targeted. Most cybercrime is intended to attack businesses, organizations, individuals, even governments and can span across a wide range of activities. Crimes are carried out via malware.
Malware is actually a collective name for any type of malicious software that is harmful to a computer. Malware consists of computer code developed by cyber attackers and can be any program or file used to steal, alter, delete, or hijack sensitive computing information without the owner’s permission.
While there is much more, cybercrime most often includes:
- Identity theft
In 2019, California was by far the state that had the highest number of complaints in the FBI’s Internet Crime Report.
As of March 30, the FBI’s Internet Crime Complaint Center (IC3) had already received over 1,200 COVID-19 related complaints as cyber criminals are seeking to exploit the situation and attack businesses, individuals, and organizations as never before.
How Cybercriminals are Taking Advantage of the COVID-19 Crisis
Coronavirus scams aim to exploit the fear, stress, and anxiety surrounding the pandemic by spreading misinformation and increasing fear, selling fraudulent and counterfeit goods, phishing and social engineering scams to steal sensitive information. Sites on the dark web offer goods like discount face masks and other counterfeit goods for sale. The World Health Organization (WHO) has dubbed this mass wave of information an infodemic and has assembled a team to help stem the current tide of misinformation.
Public health and other officials also are warning people to be especially vigilant when it comes to choosing sources for information about the COVID-19 virus or the status of the coronavirus in your community. Cybercriminal activity is certainly at an all-time high. According to the FBI, the “unprecedented wave” of cybercrime has made several states (New York, California, Washington) especially vulnerable to be “zeroed in on by threat actors.”
Identity theft, in particular, continues to be a problem – especially now in the face of the Coronavirus outbreak. Cybercriminals looking to profit from coronavirus fears are not only preying on consumers by the spread of misinformation, the selling of fake products, and email phishing, and other coronavirus-related scams, but healthcare organizations are also being targeted. Massive cyberattacks of ransomware against medical and health organizations in the midst of the COVID-19 pandemic crisis have been steadily rising. In fact, the FBI and other officials warn that such scams will likely increase in the coming weeks.
The FBI also is urging parents to monitor children who are home from school and online more to be wary of the increased risk for exploitation. Further, the IRS has issued warnings about coronavirus-related scams tied to economic impact payments. Retirees may be especially vulnerable to these scams: no action is required on the part of any individual, including seniors below the filing requirement, and no one from any agency will be contacting them by phone, email, mail, or by an in-person visit asking for any kind of information. In other words, retirees will also be receiving the $1200 payments automatically.
Increased Cybersecurity Needed in the Time of COVID-19
According to the Insurance Information Institute (III), fraud costs continue to rise, and criminals are becoming more adept at finding ways to take advantage of vulnerable consumers. By the end of 2019, there had already been a 17% increase in data breaches over 2018. Those numbers will be much higher due to the coronavirus health crisis.
INTERPOL recently released an alert warning people working from home while social distancing about outdated security systems, as opportunistic cybercriminals are using the situation to conduct attacks. It is vital at this time that all devices are adequately protected.
Other fraud alerts are warning that cyber attackers are sending emails asking Amazon users to sign into accounts in exchange for free hand sanitizer, while others are sending text messages with links that promise to help users to track the virus in their community. The links, of course, are fake and give criminals remote access to their smartphone or mobile device.
Additionally, thousands of potential phishing sites have been created, targeting Zoom, Facebook, Twitter, YouTube, Google, and other websites as their use has increased. Fake domains and websites that look like those of the Centers for Disease and Prevention (CDC), the World Health Organization (WHO), and other government or science-based organizations are also being created to spread false information and steal sensitive data from vulnerable users.
Public officials are warning everyone to only use credible resources when seeking answers to COVID-19 related questions. Customers should also be especially wary of those offering services or goods at this time as hackers are also targeting home delivery food apps and other high demand services at this time.
Most Common Sources of Data Breaches
- Weak or stolen passwords
- Social engineering
- Back doors (application vulnerabilities)
- Too many permissions
Some important Statistics on Cybercrimes
- Cybercrimes are the fastest growing crime in the United States
- In the past year, 78% of organizations in the U.S. have experienced a cyber attack
- Hackers attack every 39 seconds, an average of 2,244 times a day (University of Maryland, 2007)
- More than 2 billion personal records are stolen every year
- According to Bloomberg (2017), hackers stole the information of over 57 millionriders and drivers
- As of 2019, the average cost of a data breachwas $3.92 million
- One in 10 URLs are malicious
- 48% of malicious email attachments are office files
- The number of data breaches continues to grow annually
Difference Between an Attacker, Hacker, and Threat Actor
Attackers, hackers, and threat actors are not the same things.
An attacker is an individual or an organization/entity wishing to cause harm to an information system. Attackers want to steal information from, disable, alter, destroy, or gain unauthorized access to a computer or computer network.
A hacker is typically someone with technical knowledge and who uses bugs to break into computer systems.
A threat actor (or malicious actor) is an entity responsible for a security incident that impacts an organization’s security.
Types of Malware Programs Used in Cybercrimes
Malicious domains. Due to the coronavirus outbreak, there are now a very large number of registered domain names on the web that contain terms such as COVID-19 or coronavirus. While some certainly are legitimate, many are not and are nothing more than sites used to spread malware to users and other vulnerable targets.
Malware. Malware refers to any software program that is designed to cause damage to a computer, its server, or the network it runs on. Differing types of malware will contain different traits and unique characteristics. According to INTERPOL (2020), cybercriminals are taking advantage of the global health COVID-19 pandemic to mask their activities.
While there are many malware types (malicious software), they tend to produce similar symptoms, including:
- Computer begins behaving strangely
- Increased CPU usage
- Slow computer or web browser speeds
- Problems connecting to networks
- Freezing or crashing
- Modified, missing, or deleted files
- Strange files, programs, or desktop icons that suddenly appear on your screen
- Programs running, turning off, or reconfiguring themselves (malware will often reconfigure or turn off antivirus and firewall programs)
Phishing campaigns, emails, or messages sent automatically and without the knowledge of the user (e.g., someone
Some types of malware include:
Spyware. Spyware is the term given to a type of software that is intended to steal personal or organizational information. Spyware performs a set of operations without user permissions, sometimes even covertly. Spyware generally performs advertising, collects personal information, and changes user configuration settings on the computer. It typically gets onto the computer via freeware and shareware as a hidden component and then sends data to other places.
Ransomware. This is a type of malware that prevents or limits users from accessing their own system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid.
In a ransomware attack, victims—upon seeing an e-mail addressed to them—will open it and may click on an attachment that appears legitimate, such as an invoice or an electronic fax, but that actually contains the malicious ransomware code. Once it is clicked on, they are directed to a website that infects their computer with malicious software.
Trojans. Trojans may allow an attacker to access users’ personal information such as banking information, passwords, or personal identity. It can also delete a user’s files or infect other devices connected to the network. Ransomware attacks are often carried out using a trojan.
Viruses. A computer virus replicates itself by modifying a computer’s program and inserting its own code. These malicious software programs cause billions of dollars annually in economic damage.
Worms. A computer worm is a program that replicates itself in order to spread to other computers. It often uses a network to spread itself, relying on security failures on the target computer to gain access to it. It will use this machine as a host to scan and infect other ones.
Cyberwarfare. Cyberwarfare is the use of technology to attack another nation. In other words, it is internet-based penetration of networks and computer systems by one nation of another. Its purpose is to attack and damage information networks through computer viruses or other cyberattacks.
Cyberwarfare or cyberterrorism might be used by terrorist groups, companies, political or ideological extremist groups, or other criminal organizations.
United States Law Agencies
The Federal Bureau of Investigation (FBI) is the lead federal agency for investigating cybercrimes. The FBI issues cybercrime news and press releases related to these types of crimes as they become available.
The Department of Homeland Security (DHS) works with other federal agencies to disrupt and defeat cyber criminals.
Laws Against Cybercrime
The Federal Computer Fraud and Abuse Act (CFAA) is the primary mechanism for prosecuting cybercrime. It prohibits the following:
- Unauthorized access to a computer and obtaining national security information
- Unauthorized access to a computer used in foreign or interstate commerce
- Unauthorized access to non-public computers used by the U.S. government
- Accessing a computer with intention to defraud (illegally obtain money from someone)
- Damaging a computer intentionally or recklessly
- Selling or buying stolen passwords
- Threats to obtain personal information
- Cyber-extortion (demands of money or property through force or threats)
Cybercrimes can be defined as “Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm or loss to the victim directly or indirectly, using modern telecommunication networks such as Internet (networks including chat rooms, emails, notice boards, and groups) and mobile phones.”
How to Keep Your Computer and Personal Information Safe
- First, be vigilant
- Ensure your anti-virus software is installed and up to date
- Back up important files
- Do not click on links you are unfamiliar with
Coronavirus Scams: Watch Out for These
There are more coronavirus-related scams and websites created by malicious actors than can possibly be listed here, but the sites and resources below may provide more specific information on how to spot these in order to keep yourself and your assets safe during this time.
Efforts to Exploit the Pandemic
FBI Discusses COVID-19 Related Schemes
Federal Trade Commission: How to Recognize and Avoid Phishing Scams
Online Resources You Can Trust
There are several U.S. and international organizations that are working to keep vulnerable targets safe from those who seek to prosper on dark web marketplaces.
- Centers for Disease Control and Prevention (CDC). COVID-19 related phone scams and phishing attacks.
- Cybersecurity Laws and Regulations. https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/usa
- FBI Cyber Division. The division of the FBIthat heads the national effort to investigate and prosecute internet crimes, including cyber-based terrorism, espionage, computer intrusions, and major cyber fraud.
- Federal Communications Commission (FCC). COVID-19 Consumer warnings and safety tips.
- Federal Trade Commission (FTC). Scammers are taking advantage of fears surrounding the coronavirus. How to avoid coronavirus scams. https://www.consumer.ftc.gov/features/coronavirus-scams-what-ftc-doing
- National Conference of State Legislatures (NCSL).At least 35 states, Washington, D.C., and Puerto Rico introduced or considered more than 365 bills or resolutions that deal significantly with cybersecurity. This site contains links to 2020 cybersecurity legislation by state.
- National Cyber Strategy of the United States of America. https://www.whitehouse.gov/wp-content/uploads/2018/09/National-Cyber-Strategy.pdf
- The International Criminal Police Organization (INTERPOL) is the world’s largest police organization. Its main purpose is to ensure the safety of people worldwide. https://www.interpol.int/en/Crimes/Cybercrime/COVID-19-cyberthreats
- United Nations (UN) COVID-19 Response site. The UN is warning against proliferation of false information about the virus and the current “infodemic” of misinformation. https://www.un.org/en/un-coronavirus-communications-team/un-tackling-%E2%80%98infodemic%E2%80%99-misinformation-and-cybercrime-covid-19
- World Health Organization (WHO). Beware of criminals pretending to be WHO.
Brewster, T. (2020). An ‘unprecedented’ wave of coronavirus scams is coming, U.S. attorney warns. https://www.forbes.com/sites/thomasbrewster/2020/03/18/how-americas-cyber-defenders-are-preparing-to-save-you-from-an-unprecedented-wave-of-coronavirus-scams/#10dd26cca74a
Culver, J. (2020). Tricksters in white lab coats and phishing emails: Be wary of coronavirus-related scams, officials warn. https://www.usatoday.com/story/news/nation/2020/03/23/coronavirus-scammers-florida-health-officials-police/2896587001/
Cyber Crime Review. (2020). Cyber crime statistics 2019. https://cybercrimereview.com/cyber-crime-statistics-2019/
Department of Justice. (2020). Cybersecurity unity: White paper and other documents. https://www.justice.gov/criminal-ccips/cybersecurity-unit
DuPaul, N. (2012). Common malware types: Cybersecurity 101. https://www.veracode.com/blog/2012/10/common-malware-types-cybersecurity-101
FBI. (2020). Cyber actors take advantage of COVID-19 pandemic to exploit increased use of virtual environments. https://www.ic3.gov/media/2020/200401.aspx
Forcepoint. (2020). What is malware? Malware defined, explained, and explored. https://www.forcepoint.com/cyber-edu/malware
Guirakhoo, A. (2020). How cybercriminals are taking advantage of COVID-19: Scams, fraud, and misinformation. https://www.digitalshadows.com/blog-and-research/how-cybercriminals-are-taking-advantage-of-covid-19-scams-fraud-misinformation/
ICLG. (2020). USA: Cybersecurity 2020. https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/usa
Insurance Information Institute. (2020). https://www.iii.org/fact-statistic/facts-statistics-identity-theft-and-cybercrime
INTERPOL. (2020). COVID-19 cyberthreats. https://www.interpol.int/en/Crimes/Cybercrime/COVID-19-cyberthreats
Morgan, S. (2020). Directory of U.S. state and local cybercrime law enforcement. https://cybersecurityventures.com/directory-of-u-s-state-and-local-cybercrime-law-enforcement/
NCSL. (2020). Cybersecurity legislation 2020. https://www.ncsl.org/research/telecommunications-and-information-technology/cybersecurity-legislation-2020.aspx
RiskIQ. (2020). COVID-19 cybercrime daily update. https://www.riskiq.com/blog/analyst/covid19-cybercrime-update/
Saltzman, M. (2020). Coronavirus pandemic generates new fraud strains: COVID-19 scams on computers, smartphones. https://www.usatoday.com/story/tech/columnist/2020/04/04/coronavirus-scams-going-viral-attacking-computers-and-smartphones/2939240001/
Stroud, F. (2020). Threat actor. https://www.webopedia.com/TERM/T/threat-actor.html
United Nations. (2020). COVID-19 response. https://www.un.org/en/un-coronavirus-communications-team/un-tackling-%E2%80%98infodemic%E2%80%99-misinformation-and-cybercrime-covid-19
White House. (2018). National cyber strategy of the United States of America. https://www.whitehouse.gov/wp-content/uploads/2018/09/National-Cyber-Strategy.pdf
Wright, R., & Lee, D. (2020). Malware (malicious software) definition. https://searchsecurity.techtarget.com/definition/malware
Zamost, S. (2020). Coronavirus fraudsters prey on fear and confusion with fake products, email scams. https://www.cnbc.com/2020/03/23/coronavirus-fraudsters-prey-on-fear-with-fake-products-email-scams.html