By Preetam Kaushik
While governments, businesses and ordinary citizens struggle to adapt to the "new normal" of COVID-19, one group seems to be prospering—cybercriminals.
Efforts to limit the spread of the disease have created an extra impetus to "go digital"—be it to shop for essential supplies, access government aid or coordinate day-to-day business activities. In a matter of months, this wave of rapid adoption has left serious security flaws open for criminals all over the world to exploit.
COVID-19 is creating a "perfect storm" of online criminal activity
“With more people spending time at home due to the global COVID-19 pandemic, there has been an increase in the volume and frequency of online transactions,” says Abhishek Chatterjee, founder and CEO of Tookitaki, a leading online fraud- detection and anti-money laundering (AML) software. “It is no surprise that criminals are attempting to capitalise on this COVID-19 induced spike in online transactions.”
As governments across the world ready massive aid and stimulus packages to help citizens and to keep economies ticking, cybercriminals are trying to grab a share. According to recent studies by Check Point Research, March and April witnessed a drastic increase in COVID-19 scams: 18 million phishing emails per day, 240 million spam messages and over 2,000 new suspicious domain names related to stimulus or aid packages.
It is well-established that vigilance is the first defence against online phishing and email fraud attacks. But COVID-19 lockdowns have left people scared, stressed and in desperate need of aid. They make easy prey for online criminals who use the promise of government aid to steal private information.
Given the unprecedented challenge posed by cybercriminals during the global pandemic, many regulatory authorities and watchdogs across the world, including Interpol, have stressed the importance of using modern technology to protect against crime. Regulatory technology, or “regtech”, is key to addressing this challenge.
Medical systems are vulnerable to cybercrime
Health systems across the globe are facing a severe shortage of ventilators, personal protective equipment (PPE) and essential medicines, and they present an easy target for cybercriminals and scammers.
Scammers have opened fake shops online, claiming to sell essential equipment like surgical masks and gowns. They are impersonating organizations like the World Health Organization and the US Centers for Disease Control to send malware and orchestrate phishing attacks on healthcare organizations.
Interpol recently reported one such attack on German health authorities where the attackers used sophisticated phishing techniques and complex chains of referrals to steal 1.5 million euros (US$1.64 million).
Regulators and banks across Germany, the Netherlands and Ireland acted quickly, monitoring transactions to detect illicit money transfers and identify the culprits, quickly freezing the stolen funds.
“These are times when medical support systems are in the limelight, and they are being targeted by criminals more than ever,” said Chatterjee.
The ASEAN context is no different from the rest of the world
Even as the COVID-19 crisis was in its early stages in February, Interpol highlighted the increasing threats faced that the ASEAN region faces from cybercrime. In 2019, the region witnessed a spike in cases of phishing, compromised business emails, banking malware and other online fraud and security breaches.
As the pandemic worsened, coronavirus-related malware attacks were detected in virtually all Southeast Asian nations in March. The Philippines, Vietnam and Malaysia led the list with 53, 23 and 20 instances, respectively, according to security firm Kaspersky.
Singapore, the regional leader in terms of digitization, has seen businesses targeted using sophisticated coronavirus-themed phishing attacks. Given the increased importance of digital technologies in the era of COVID-19, more nations in the region will have to accelerate their digital transformations as well.