Authorities Warn Syndicates Turning to Cybercrime Amid Covid-19 Pandemic

Crime, Corruption, and Coronavirus
Feature

COVID-19 has wreaked havoc across virtually every area of the economy, and organized crime is no exception. OCCRP spoke with law enforcement and cybersecurity experts about how criminal groups are looking to supplement their income by heading online.

Banner: Christiaan Colen, Wikimedia Commons

February 3rd, 2021

COVID-19 transformed the global economy. While governments fought over scarce medical supplies, much of the world’s population sat at home. As workplaces stood unattended and malls lay empty, the massive resulting increase in internet traffic brought with it an inevitable explosion in illegal online activity.

Just three months after the World Health Organization declared a state of global emergency, UN officials were reporting a growth in email-delivered malware of more than 600 percent, and by October ransomware attacks against private companies and vital public institutions alike had surged by upwards of 40 percent on the previous year.

The ever-increasing distribution of child pornography online has drastically accelerated amid the pandemic: U.K. police arrested 4,760 people over alleged online child sex abuse in the country’s first lockdown alone. There’s also been a boom in dark-net vendors selling snake-oil cures for the virus, and a plethora of fraudulent sites claiming to sell desperately needed medical equipment.

COVID-19 has proven a windfall for veteran cybercriminals, and authorities know that the most sophisticated new scams and attacks are being orchestrated by the online professionals. More surprising, and equally troubling, is the increasing number of other, less-specialized criminal elements now moving portions of their enterprises online.

“Cybercrime and cyber-enabled crimes are going to offer enormous potential for criminal groups of all sizes and scales to replace lost income elsewhere [being] constrained by virus-control conditions,” think-tank Global Initiative Against Transnational Organized Crime warned in March.

Herb Stapleton, section chief of the FBI’s cybercrime division, told OCCRP he saw the number of complaints to his department more than triple within six weeks of the pandemic reaching the U.S. The majority of incidents involved phishing attacks, in which fraudsters send emails containing false backstories or threats of harm, so that they can extort money or valuable information from victims.

Automated phishing kits — software packages that let criminals send scam messages to email addresses scraped, by hackers, from legitimate websites — are now available via the dark web for as little as US$50. Some marketplaces are even offering discounts, to cash in on the growth in demand. With ongoing disruption to other criminal interests worldwide, such software offers easy and effective ways for the world’s cartels, mobs, and mafias to make up for income drops elsewhere.

“There’s definitely been an increase in cybercriminal activity by criminal elements who don’t have sophisticated technical skills, and one of the things that has made that possible, really, is the rise of malware as a kind of service,” Stapleton explained.

Credit: OSeveno, Wikimedia Commons
Europol’s headquarters in The Hague, the Netherlands. The policing group is warning of new threats from cybercriminals amid the COVID-19 pandemic.

Tamara Schotte, a cybercrime specialist with Europol, the European policing body, said the new generation are often people who might not previously have gravitated towards internet-enabled criminality. “The more we headed into the middle of the crisis, the more we saw the wannabe scammers, as they started to realize there’s quite some profit to be made in the area of cybercrime,” she said.

Phishing scams generally play on pervasive public fears, which have grown amid the outbreak. For example, some emails have threatened “to infect every member” of a victim’s family with COVID-19 unless they pay up, while others have spoofed government and financial institutions to trick people into believing their COVID-19 support loans are in jeopardy.

“They simply haven’t held back on any of the means that are now available to them,” Tonia Dudley, an adviser with cybersecurity firm Cofense, told OCCRP, adding that crooks have even preyed on worker fears over job security.

“When companies started having to cut back on their workforces, we also saw phishing attacks leveraging the HR theme of, ‘I’m sorry to let you know that your job has been eliminated,’” she said.

Another common ploy is the so-called Business Email Compromise scam, in which cybercriminals gain access to a company’s internal servers to masquerade as senior employees, later requesting cash transfers to accounts held outside the firm.

“Especially in the early weeks of the pandemic, so many people were just hungry for information about what was going on,” Stapleton said. “So of course scammers were creating links that read ‘click here for the latest today,’ and which looked like they were from perfectly legitimate government or academic institutions.”

As we enter the new year, an end to the pandemic may finally be on the horizon, with successful clinical trials now leading to vaccination rollouts, and business slowly coming back to life in certain countries.

What remains to be seen, once things return to normal, is whether old-school criminal groups will abandon their newfound technological toolboxes and return fully to their conventional revenue streams, or whether they’ll remain online.

As Europol’s Schotte puts it: “Those groups that didn’t see any prospects [on the internet] before the pandemic, they’ve definitely seen them now.”