Cybercriminals are using the unprecedented disruption in daily life brought on by the coronavirus pandemic to try to breach systems and dupe employees and customers of banks, payment providers, online retailers and other businesses at an alarming pace, according to cybersecurity experts and regulators.
Social-distancing restrictions adopted as the pandemic worsened globally forced many companies to shift the bulk of their workforce out of the office and spurred growth in online shopping and banking, including a cadre of clients in Asia who never banked digitally before.
It also opened the door for scammers to use phishing emails and automated attacks to try to gain access to accounts or critical systems, according to Mark Lukie, sales-engineer manager for Asia-Pacific and Japan at cybersecurity provider Barracuda Networks. For example, phishing attacks where an email is made to appear to have come from a trusted source or company spiked by almost 670 per cent globally as the pandemic worsened in February and March of this year, he said.
“The bad guys never really take a holiday. It doesn’t matter if it is a pandemic,” Lukie said. “They basically pivot and shift [their attacks] to make themselves more relevant.”
More than half of businesses surveyed in Asia said they experienced at least one major security scare since shifting to work from home this year, according to a September 22 report by Barracuda.
Of 1,005 information technology decision-makers surveyed, 47 per cent said their cybersecurity budgets were cut, and 54 per cent said security took a back seat to prioritising equipment for work-from-home arrangements this year, according to Barracuda.
Interpol warned in August that hackers and other cybercriminals were shifting their focus from individuals and small businesses to major corporations, governments and critical infrastructure as a result of the health scare, with some 907,000 spam messages related to the pandemic between January and April.
“Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by Covid-19,” Juergen Stock, Interpol’s secretary general, said in an August 4 statement. Covid-19 is the disease caused by the coronavirus
In July, Twitter suffered a major breach as hackers temporarily gained control of the accounts of several public figures, including former US President Barack Obama, Elon Musk and Bill Gates after targeting employees.
In August, trading was disrupted for four days on the New Zealand stock exchange following a series of denial-of-service attacks. On Monday, one of the largest hospital operators in the United States took its computer systems offline following a malicious software attack.
The coronavirus pandemic sparked a series of scams, frauds and malicious activities in recent months as criminals impersonated governments, charities and mask sellers to dupe unwitting consumers, according to Arthur Yuen, deputy chief executive of the Hong Kong Monetary Authority.
“Those are not new,” Yuen said at the Hong Kong Institute of Bankers’ annual conference on Monday. “In this kind of environment, it is quite easy to get through the guards of the customers.”
Whilst banks in Hong Kong have generally been good at identifying malicious websites and applications designed to harvest account data, bad activity is picking up this year, Yuen said.
In all of 2019, Hong Kong regulators recorded 11 incidents of malicious apps. There have been more than 20 such incidents through August of this year, Yuen said.
The Reserve Bank of India said in July that the banking industry was the “target of choice” for cyberattacks this year, as lockdowns forced many companies to turn to remote working.
Financial services companies, in particular, are a significant target for login, payment and bot attacks this year, according to LexisNexis Risk Solutions.
In the first half of the year, financial services companies using its digital identity network saw a 38 per cent increase in bot attacks – which can range from secretly collecting data to denial of service attacks to installing malware, according to the company’s latest cybercrime report.
Overall, financial services companies accounted for 62 per cent of the 868 million automated bot attacks recorded on its digital-identity network between January and June, according to LexisNexis Risk Solutions.
In Hong Kong, there were 7.8 million bot attacks in the first half of the year, a 62 per cent increase over the first half of 2019.
One way fraudsters are gathering information is by using phishing emails disguised as being related to services consumers are likely to use while they’re at home during the pandemic, such as Netflix or PayPal, according to Cameron Church, LexisNexis Risk Solutions’ director of market planning for fraud and identity.
“The information gathered as part of those interactions is where it generally starts,” Church said. “Fraudsters are thinking in advance or thinking a little bit more logically about the way in which and who and how they target potential victims.”
Church said he has personally received four or five suspected phishing emails a day this year.
There were 16 million attacks globally between January and June of this year related to new account openings, with mobile applications being a key method used by cybercriminals, according to the report.
Scammers are also targeting relief programmes set up to ease the economic fallout from lockdowns of major cities and disruption in the global economy this year, according to LexisNexis Risk Solutions.
But, it is not just financial services that are facing difficulties from increased cyberattacks during the pandemic, according to Gene Yu, chief executive of cybersecurity incident response firm BlackPanda. It is across industries, he said.
Small- and medium-sized businesses in Asia are particularly susceptible, he said.
“They commonly have this perception: who am I? I’m so small. I don’t have any real enemies. I’m not important enough to be hacked,” Yu said. “Forty-three per cent of attacks are targeting SMEs. Sixty per cent of these attacks [result in the company] going out of business within six months of breach.”