By: Cybrary Staff
June 9, 2022
How cybercriminals exploit crisis for their own gain
From natural catastrophes to economic instability to war, crises bring out the best and the worst in people. Despite the many tales of heroism during such events, some opportunistic predators will not hesitate to exploit them for their own benefit. Here is what that means in the evolving world of cybercrime.
Crises vary enormously, but whether natural or manmade, localized or global, they all have one thing in common: they bring out both the best and the worst in people.
The coronavirus pandemic is a perfect example from recent times. Especially during the early weeks of the pandemic, headlines highlighted both tales of heroism from health professionals struggling to save lives, and a significant uptick in criminals trying to exploit the situation.
Russia's invasion of Ukraine is another harrowing example of how morally bankrupt scammers exploit humanitarian disasters. In this instance, social engineering scammers saw an opportunity to set up bogus fundraising websites and sham emails asking for money to support the people of Ukraine, only to pocket everything for themselves.
These are just two examples, but every crisis attracts the worst kind of criminals, no matter how large or small. For this reason, businesses and individuals alike must prepare for such threats by increasing their awareness and bolstering their security defenses.
Social engineering attacks are the most common cyberthreat, and almost every attack contains a phishing element. Social engineering has proven highly effective during times of crisis because scammers target people on an emotional level. In these cases, an attacker might play on a victim's sense of fear, helplessness, or compassion for financial or other gain. By playing on people's sympathies, social engineering scammers may urge victims to make bogus donations or take another desired action.
For example, during Russia's war against Ukraine, a scammer purported to be acting on behalf of a family of Ukrainian refugees in Poland by sending out emails asking for financial support. Fortunately, a local newspaper revealed the scam very quickly. Still, it is important to remember that there have been many more.
During times of crisis, social engineering scammers commonly play on the inherent kindness of people and a sense of urgency. Although this has long been a common theme in social engineering attacks, the sense of desperation and urgency during crisis situations often sees attackers working overtime to step up their exploits.
Because of these risks, businesses and individuals must be especially mindful of such scams. While this should certainly not put people off helping to ease suffering during a humanitarian crisis, they must be prepared to navigate around possible scams. For instance, it is imperative to verify everything from contact to payment details when it comes to fundraising. Of course, there will always be legitimate charities and fundraising platforms to work with, but one should remember that scammers may also try to masquerade as known and trustworthy entities.
While crisis situations almost invariably see an uptick in social engineering attacks, this is by no means the only threat. Crisis situations often demand sudden changes in routine business operations, and those changes might be targeted by more advanced attacks involving malware and other technical threats.
The onset of the coronavirus pandemic, which saw millions of people suddenly working from home for the first time, is one of the best examples from recent years. Unfortunately, this meant accessing business-critical systems and data through poorly protected home networks and employee-owned devices. The threat of eavesdropping attacks on video conference calls was one such example of how attackers specifically exploited remote workforces.
The difference between malware and social engineering in the context of a crisis situation is that malware takes longer to develop and adapt to the changing environment. As such, newer forms of malware tend to kick in weeks or months after the beginning of a crisis, as attackers develop malware to scale and automate other attacks, including phishing scams. For example, during the pandemic, scammers sent Word documents detailing precautions to take against coronavirus infections. However, the documents contained malicious macros to load malware onto victims' systems.
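As an added illustration (not part of the original article), the following Python sketch shows how a mail gateway or triage script could flag Word attachments of the kind described above before a user opens them. The function names, the size limit, and the sample files are assumptions constructed for this example; the check looks only for structural macro indicators and does not analyze what a macro does.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy binary .doc/.xls container
MACRO_FREE_EXT = (".docx", ".xlsx", ".pptx")
MAX_PART = 1_000_000  # refuse to inflate oversized parts (zip-bomb guard)

def macro_findings(filename: str, data: bytes) -> list[str]:
    """Return the reasons an Office attachment should be held for review."""
    if data.startswith(OLE_MAGIC):
        # Binary formats can embed VBA; this check alone cannot rule it out.
        return ["legacy OLE container: inspect with a VBA-aware tool"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        vba = [n for n in names if n.lower().endswith("vbaproject.bin")]
        if vba:
            findings.append("VBA project present: " + ", ".join(vba))
        if "[Content_Types].xml" in names:
            info = zf.getinfo("[Content_Types].xml")
            if info.file_size <= MAX_PART:
                text = zf.read(info).decode("utf-8", "replace").lower()
                if "macroenabled" in text:
                    findings.append("content type declares a macro-enabled document")
    if findings and filename.lower().endswith(MACRO_FREE_EXT):
        findings.append("macro content under a macro-free extension")
    return findings

def build_sample(with_macro: bool) -> bytes:
    """Constructed test input: a minimal OOXML-shaped zip, not a real document."""
    main = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro
            else "application/vnd.openxmlformats-officedocument"
                 ".wordprocessingml.document.main+xml")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override PartName="/word/document.xml" ContentType="{main}"/></Types>')
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder, not VBA")
    return buf.getvalue()

if __name__ == "__main__":
    for name, blob in [("precautions.docx", build_sample(False)),
                       ("precautions.docm", build_sample(True)),
                       ("precautions.docx", build_sample(True))]:
        print(name, macro_findings(name, blob) or "no macro indicators")
```

An empty result means only that no macro container was found; it is not a verdict that the file is safe.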
Among the greatest threats in today's predominantly digital world are those that both create and perpetuate crises. These are the attacks carried out in the name of cyberwarfare, where hostile regimes deliberately target areas like defense and critical infrastructure in the hope of crippling their enemies economically, militarily, or societally. Targeted cyberattacks and fake news are just some of the increasingly common threat vectors in the era of cyberwarfare.
Targeted attacks orchestrated by or under the auspices of hostile regimes are among the most dangerous of all. Rival security agencies or organized hacking groups sanctioned by hostile states tend to be extremely well-funded and composed of the most skilled hackers. Unsurprisingly, crisis situations like trade wars and military conflict often see an uptick in such attacks.
These attacks often incorporate a variety of technical and non-technical tactics, with some of the most dangerous being advanced persistent threats (APTs). APTs are especially harmful since they involve establishing a long-term illicit presence on a target network, ultimately to obtain full control. In the worst-case scenarios, this could mean compromising an entire electrical grid or any other asset essential to society's normal functioning.
To guard against the elevated threat levels during times of crisis, organizations must combine training and awareness with other proactive security measures. Employees need to know how to identify common phishing scams and similar threats. Security teams must take extra care in safeguarding their systems beneath multiple layers of protection. Ethical hackers and penetration testers should be enlisted to help organizations gain a better understanding of their security postures from the outside looking in. With a comprehensive security strategy, it is possible to stay ahead of threat actors during times of crisis.