Cybercriminals Increasingly Exploiting Pandemic Trauma

The ancient military strategist Sun-Tzu wrote that “in the midst of chaos, there is also opportunity.” He was referring to the ability to point your opponent toward the direction of your choosing. Cybercriminals have taken this philosophy to heart: They use the personal and organizational disorder brought on by the COVID-19 pandemic trauma associated with lockdowns and business uncertainty to facilitate their attacks.

Pandemic Trauma

Mental health professionals are studying the emotional impact associated with pandemic fears, economic uncertainty and strained personal relationships. It is anticipated that the COVID-19 pandemic will inflict long-lasting psychological trauma. In these difficult times, people are spending much more time online, searching for answers and often becoming susceptible to conspiracy theories, viral videos, and fraudulent sites.

Cybercriminals understand human nature and that uncertainty and doubt offer them an opening to exploit people and organizations for financial gain. Point3 Security’s VP of Strategy Chloé Messdaghi noted many cyber outlaws don’t just hack computers, they hack people. “They exploit our fears using an emotional exploit called ‘Amygdala Hijacking,’ which is when a strong negative emotion causes an individual to lose the ability to think rationally,” she said, noting attackers are using the current pandemic to trigger our anger and fears simultaneously to trick us into trusting their message and malicious links.

Attacks Are Increasing

Numerous surveys and reports confirm that cyberattacks have spiked during the first half of 2020. In April, the FBI’s Internet Crime Complaint Center (IC3) reported that cyberattack complaints had increased by a factor of four. By mid-June, the IC3 had received as many complaints as it had in all of 2019.

Two additional surveys reaffirm that pandemic-inspired cybercrime has risen. The Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG) reported that 63% of respondents to their survey have seen an increase in attack activity. Exabeam, in cooperation with Censuswide, found that 80% of the small and medium-sized companies questioned saw “slightly to considerably more” cyberattack attempts.

“Leveraging a major event is an old technique for attackers,” said Saryu Nayyar, CEO of cybersecurity and fraud analytics company Gurucul. “The pandemic is a useful hook that increases attack success rates.”

Criminal Pandemic Bag o’ Tricks

Cyber brigands have many malicious tools available to them and they are deploying them all. They exploit people’s insecurities, fears, frustrations and even naivety brought on by the pandemic environment. Criminals have weaponized the pandemic by creating email campaigns that purport to contain valuable virus information such as pandemic maps. Phishing emails are designed to get people to inadvertently download malware including ransomware. Scammers also appeal to people’s willingness to help by soliciting donations for healthcare organizations and charities that do not exist. In April, Google was seeing 18 million phishing and scam emails related to the pandemic every day.

“False flag” websites are also a common attack vector. According to Palo Alto Networks, close to 100,000 of the million new websites with keywords related to the crisis are potentially malicious. Fake websites are optimized to appeal to people searching for virus-related information and are sophisticated enough to fool some firewalls.

How We Should Respond

Attackers exploiting pandemic trauma can be thwarted. The criminal element uses human nature against people, so countermeasures can’t be solely technological and must include individual action. Many of the techniques we are familiar with can mitigate email-based attacks. As Nayyar pointed out, “We have to be even more cautious than usual and recognize when our own situation may be playing into an attacker’s hands.”

Point3 Security’s Messdaghi recommends that people take a step back and not respond immediately. Instead, take the time to be sure that an email or website is legitimate. “Attackers’ phishing messages push for an immediate response, but we counsel that if a supposed work email comes in after hours, it’s best not to respond.”

There are many mitigating activities people can take, but the key is to be aware of your environment and to maintain a level of skepticism. Be careful when clicking on any links. Try not to conduct important tasks when tired or not fully alert.

Zero Trust

Zero Trust is a security model in which no one is trusted by default; verification is required. This strategy can also work for individuals. Employees need to adopt a similar zero-trust mindset in which they reach out to people when there is a questionable solicitation. Although many are working remotely, it is still important to contact colleagues by another means (text, phone, business collaboration tool or social media) to confirm the legitimacy of a request. It may take a little extra time, but the benefits are worth it: You are thwarting attackers. Also, when the request is valid, the act of checking the legitimacy provides an outlet to engage with co-workers, customers, friends and family.

Finally, if you have a need to help, don’t look online. Instead, seek out local organizations or businesses.

This is a very stressful time. It is important not to become a victim of pandemic trauma-based cyberattacks.

Charles Kolodgy

“Charles J. Kolodgy is a security strategist, visionary, forecaster, historian, educator, and advisor who has been involved in the cyber security field for over 25 years. He is an Analyst with Accelerated Strategies Group and Principal at Security Mindsets. His views and understanding of information and computer security were shaped during his years at the National Security Agency. During that time he held a variety of analyst and managerial positions within both the information assurance and operations directorates. Following NSA he was a Research Vice President covering security markets for IDC and then a Senior Security Strategist for IBM Security. Over the years he has identified market trends and authored numerous documents to explain market realities and has been a speaker at many security conferences and events, including the RSA Conference, CIO Conference, CEIG, and IANS. He has been widely quoted in the media. He is best known for naming and defining the Unified Threat Management (UTM) market which continues to be one of the strongest cyber security markets with vendor revenue of $3 billion per year. He has been a leading analyst on software security, encryption, and the human element. Charles holds a B.A. in Political Science from the University of Massachusetts at Lowell and an M.A. in National Security Studies from Georgetown University.”