By Annalise Kempen
The current worldwide COVID-19 pandemic which resulted in various lockdown levels across the world, has opened new opportunities for criminals to exploit people - especially in cyberspace. Many people have in the process become more dependent on technology, the Internet and online platforms to work, study, meet, shop and interact with loved ones and family.
The United Nations Office on Drugs and Crime (UNODC) notes in a research brief entitled "COVID-19-related trafficking of medical products as a threat to public health" which was published in July 2020, that the increase in cyberattacks and online scams, correlates with the spread of COVID-19. It is no surprise that there has been an increase in such attacks and scams targeting especially hospitals and critical public infrastructure engaged in combating COVID-19, since the first quarter of 2020. Unfortunately, the UNODC does not expect that these cyberattacks and scams will end soon (UNODC, 2020).
The most common COVID-related cybercrimes
Two of the most common COVID-related cybercrimes that the UNODC (2020) have identified are COVID-19-related fraud where products (mostly medical) have been paid for, but were never delivered; and data that has been stolen and sold on the Dark Web. In terms of the types of online threats that have been experienced, the UNODC notes the following:
- Fraudulent websites, where corporate websites have been manipulated to make the purchaser/client believe that the company is genuine and legitimate;
- phishing and scamming which are perpetrated via e-mail where the perpetrator intends to steal the user's personal information; and
- ransomware attacks, where the perpetrator either threatens to publish the victim's data or perpetually blocks the victim's access to his or her data, unless the victim pays a ransom. The crime is typically perpetrated through malware which is often activated after the victim has opened an e-mail attachment, or clicked on a link in an e-mail message.
INTERPOL (2020a) agrees that the types of cyberattacks relate to three areas, namely:
- Malicious domains where the words "coronavirus", "corona-virus", "covid19" and "covid-19" have become common. Although many of these websites are legitimate, cybercriminals have been creating thousands of new websites during the past couple of months which send out spam campaigns and spread malware.
- Malware, spyware and Trojans have been embedded in many interactive corona-virus maps and websites. Cybercriminals have been taking advantage of the widespread global communication on COVID-19 to mask their activities. These spam e-mails are set up in such a way as to trick users into clicking on links which download malware to their computers or mobile devices.
- Ransomware have been perpetrated against many hospitals, medical centres and public institutions that have been so overwhelmed with the health crisis that they could not afford to be locked out of their systems, which criminals believe would make them more likely to pay the ransom. The ransomware can enter their systems through e-mails containing infected links or attachments, compromised employee credentials, or by exploiting a vulnerability in the system (INTERPOL, 2020a).
The use of the Dark Web in times of pandemics
Each week, the Evidence-based Cybersecurity Research Group based at the Georgia State University, USA collects data from 60 Dark Web markets and forums through its darknet analysis project. This research group has found that three major types of COVID-19 offerings have emerged since late February 2020 relating to protective gear, medication and services to help people commit fraud.