Cybercriminals’ Motivations during Catastrophic Times

Brittany Haynes wrote an article about “How Criminals
Are Benefitting From the COVID-19 Crisis” on March 19, 2020. Haynes’s
article references a March 9, 2020 article by Bradley Barth with the title
“Don’t get fooled again: Fake coronavirus emails impersonate the WHO to deliver
FormBook trojan.”

It is important to know, especially during such disruptive
times as these, what cyberattackers are up to and how they might be achieving
their objectives, and so I recommend reading these and other articles to know
what is happening now in cyberspace, even though the focus is primarily on health
and economic issues, which is as it should be. But we cannot ignore the cyber
side. And, in order to get a better understanding of what’s going on, we need
to try to fathom why cybercriminals are specifically doing what they are doing
in order that we might arrive at effective means of preventing and deterring
such activities.

When it comes to motivations, we should ask ourselves
whether these nefarious activities are due to “structure” or “agency.”

In a January 13, 2020 article on inequality by Joshua
Rothman in The New Yorker with the title “Same Difference: What
the idea of equality can do for us, and what it can’t,” the author makes the
following statement about human behavior:

“Explanations of human behavior have traditionally
been divided into two groups: those which focus on the forces that push us
around and those which emphasize how, as individuals, we can choose to resist
them. The same phenomenon can be viewed from either side of the so-called
structure-agency distinction. For most of the twentieth century, according to [political
theorist Yascha] Mounk, criminologists looked at crime from a structural
perspective: they urged politicians to fight it by reducing poverty—its root
cause. Later, however, they changed tack: they began examining the motivations
of individual criminals and asking how potential wrongdoers, as ‘agents,’ might
be dissuaded from committing crimes.”

To what extent can the above concept be applied to
cybercriminals? In my article in the January/February 2020 issue of the ISACA
with the title “When Victims and Defenders Behave Like
Cybercriminals,” I look into why some who are perceived as victims, or are
tasked with defending those potential victims, make the switch to become cyberattackers.

I would note here that while the motives of
cyberattackers may be pretty much the same as usual, namely, extorting funds,
creating disruptions, inciting discord, etc., the motivations of cyberattackers
will likely have changed for some. In a booming economy, greed and desire to
live a more luxurious lifestyle might be significant drivers of fraudsters. But
in today’s physical and economic upheavals, some attackers may be operating in
order to survive themselves, which can be a far greater impetus than enriching
oneself. Also, for those looking to further disrupt the already flailing economies
of their adversaries, opportunities among a fearful population are much
increased. In a situation of increased and more effective criminal activities,
exacerbated by the coronavirus and its impact, avoidance, prevention and
deterrence become so much more important for potential victims, and increasing the
support and assistance by government and the private sector has become even
more critical.

In addition, there should
be great concern about unauthorized access to sensitive systems in such times,
as I describe in my 2012 article “IAM Risks during
Organizational Change and Other Forms of Major Upheaval,” which is Chapter 1 in
Digital Identity and Access Management: Technologies and Framework,
edited by Raj Sharman et al., and published by
IGI Global. The main idea here is that when there are big changes to staffing,
either through layoffs or role reassignments, identity and access management
(IAM) systems, which authenticate users and authorize their access rights, may
fall behind in their maintenance, leaving open access that needs to be changed
in order to avoid nefarious activities. It is highly likely that, during these
turbulent times, many users will continue to be authorized to access internal
corporate systems outside of their status changes, and that such accesses
represent a significant risk to companies. Despite the difficulties, support
personnel need to move quickly to remove obsolete access rights—a task made so
much harder right now.
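
The review described above can be sketched as a reconciliation of HR status changes against the access rights the IAM system still grants. This is an added example, not code from the article or the cited chapter. The user names, roles, entitlements and dates are constructed sample data, and the rule that terminated or furloughed staff should hold no access is an assumed policy.

```python
from datetime import date

# Constructed sample data: HR status after a round of layoffs and reassignments.
HR_RECORDS = {
    "alice": {"status": "active", "role": "finance", "changed": date(2020, 3, 2)},
    "bob": {"status": "terminated", "role": None, "changed": date(2020, 3, 16)},
    "carol": {"status": "active", "role": "support", "changed": date(2020, 3, 20)},
    "dave": {"status": "furloughed", "role": "engineering", "changed": date(2020, 3, 23)},
}
# Assumed role model: what each role is entitled to.
ROLE_ENTITLEMENTS = {
    "finance": {"erp", "email"},
    "support": {"ticketing", "email"},
    "engineering": {"source-repo", "email"},
}
# What the IAM system still grants (constructed; lags behind HR).
IAM_GRANTS = {
    "alice": {"erp", "email"},
    "bob": {"email", "vpn"},                 # laid off, never deprovisioned
    "carol": {"erp", "ticketing", "email"},  # kept finance access after reassignment
    "dave": {"source-repo", "email"},
    "erin": {"email"},                       # account with no HR record at all
}

def find_obsolete_access(hr, role_map, grants, today):
    """Return (user, reason, excess_rights, days_since_change), oldest drift first."""
    findings = []
    for user, held in sorted(grants.items()):
        rec = hr.get(user)
        if rec is None:
            findings.append((user, "orphan", sorted(held), None))
            continue
        # Assumed policy: only active staff keep access, limited to their current role.
        active = rec["status"] == "active"
        allowed = role_map.get(rec["role"], set()) if active else set()
        excess = held - allowed
        if excess:
            reason = "role-change" if active else rec["status"]
            age = (today - rec["changed"]).days
            findings.append((user, reason, sorted(excess), age))
    return sorted(findings, key=lambda f: -(f[3] or 0))

if __name__ == "__main__":
    for finding in find_obsolete_access(HR_RECORDS, ROLE_ENTITLEMENTS,
                                        IAM_GRANTS, date(2020, 3, 30)):
        print(finding)
```

Sorting by the age of the status change puts the longest-standing stale access at the top of the queue for support personnel.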

As we suffer through the coronavirus pandemic
dystopia, we are seeing fraudsters, hackers and scammers taking advantage of a
frightened and vulnerable populace. This is unacceptable even at the best of
times. How much more so in these worst of times. While the world’s leadership
is rightly concentrating on the physical aspects of the pandemic, this is no
time to ignore the activities of cyber looters and other bad actors. Our
political and business leaders need to ramp up defenses against such cyberattacks,
and lawmakers, regulators and law enforcement officials must strengthen the negative
consequences to perpetrators of committing consequential cybercrimes even as they
work to get us through these times.

Amidst the justifiable concerns about the pandemic’s physical
impact, there appears to be too little room for discussing mitigation of cybercrimes.
While such prioritization is understandable, we must not ignore the cyber risks
that are also spreading throughout the world. It is time to bring cyber into
the conversation much more than it has been up to now. We need to better
understand why these criminals are doing what they are doing, and put in place
effective preventative measures and deterrents. The populace is already facing painful
times. We certainly do not need an additional layer of assault. Yes, follow the
warnings and advice in the proliferation of articles on the subject of
protecting against cyberattacks. But there also needs to be considerable
effort, both nationally and globally, to address the ravages taking place in

