Cyber-attacks have also targeted critical infrastructure such as healthcare services

Cyber-attacks have also targeted critical infrastructure such as healthcare services. In response to this, on April 8th 2020, the United Kingdom’s National Cyber Security Centre (NCSC) and the United States Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA) published a joint advisory on how cyber-criminal and advanced persistent threat (APT) groups were exploiting the current COVID-19 pandemic.

This advisory discussed issues such as phishing, malware and communications platform (e.g., Zoom, Microsoft Teams) compromise. What is arguably lacking here and in research, however, is a broader assessment of the wide range of attacks related to the pandemic.

The current state of the art is extremely and low risk level (as cyber-criminals can launch attacks from anywhere across the globe), it is clear that cybercrime is here to stay.

Cyber-crime, like traditional crime, is often described by the crime triangle, which specifies that for a cybercrime to occur, three factors have to exist: a victim, a motive and an opportunity. The victim is the target of the attack, the motive is the aspect driving the criminal to commit the attack, and the opportunity is a chance for the crime to be committed (e.g., it can be an innate vulnerability in the system or an unprotected device).

Other models in criminology, such as Routine Activity Theory (RAT) and the fraud triangle, use similar factors to describe crimes, with some replacing the victim by the means of the attacker, which can otherwise be considered part of the opportunity. While attacks today have become more sophisticated and targeted to specific victims depending on the attacker’s motivation (for example, financial gain, espionage, coercion or revenge), opportunistic untargeted attacks are also very prevalent.

We define “opportunistic attacks” as attacks that select victims based on their susceptibility to being attacked. Opportunistic attackers pick victims that have specific vulnerabilities, or use hooks, usually in the form of social engineering, to create those vulnerabilities. Thus, we define a hook as any mechanism used to mislead a victim into falling prey to an attack. These hooks take advantage of distraction, time constraints, panic and other human factors to work.

When victims are distracted by what grabs their interest or attention, or when they are panicked, they are more susceptible to being deceived. Similarly, time constraints put victims under more pressure, which can lead to mistakes and an increased likelihood of falling victim to scams and attacks. Other examples include work pressure, a change in personal circumstances, medical issues, or events that have a deep and traumatic impact on society as a whole, such as fatalities and catastrophes.

Opportunistic attackers always seek to maximise their gain and will therefore wait for the best time to launch an attack, when conditions fit those mentioned above. A natural disaster, ongoing crisis or significant public event is a perfect case of these conditions. In the past, several opportunistic attacks have been observed that took advantage of specific incidents; below, we provide a few examples:

Natural disasters:

In 2005 Hurricane Katrina caused massive destruction in the city of New Orleans and surrounding areas in the USA. Not long after, thousands of fraudulent websites appeared appealing for humanitarian donations, and local citizens received scam emails soliciting personal information to receive possible payouts or government relief efforts.

Similar scams and attacks have vestments in stocks related to COVID-19, and impersonations of representatives of public authorities like WHO and aid scams. Brute force attacks on the Microsoft Remote Desktop Protocol (RDP) systems have increased as well, signaling attacks also on technology, not only on human aspects.

It is clear, then, that attackers are trying to make the most of the disruption caused by the pandemic, particularly given that it continues to persist. As a consequence, several guidelines and recommendations have also been published to protect against attacks.

These guidelines are imperative for mitigating the increasing threat, but to strengthen their basis, there first needs to be a core understanding of the cyber-attacks being launched. This paper seeks to address this gap in research and practice by defining a timeline of cyber-attacks and consideration of how they impact citizens and the workforce.

Notable incidents or events:

On 25th June 2009, the tragic death of Michael Jackson dominated news around the world. Only 8 hours after his demise, spam emails claiming to know the details of the incident were circulating online. Waves of illegitimate emails echoing the fatality appeared soon after, containing links that promised access to unpublished videos and pictures or Jackson’s merchandise but in reality led to malicious websites, or carrying malware-infected attachments. Noteworthy public events also attract a range of cyber-crime activities. During the FIFA World Cup in 2018, for instance, there were various attempts to lure individuals with free tickets and giveaways. These were, in fact, scams leading to fraud.

Security incidents:

In 2012, 164 million email addresses and passwords were exposed in a LinkedIn data breach. This data was not disclosed until 4 years later, in 2016, when it appeared for sale in the dark market. Soon after that, opportunistic attackers began to launch a series of attacks. Many users experienced scams, such as blackmail and phishing, and some compromised accounts whose passwords had not been changed since the breach were used to send phishing links via private message and InMail.