LACNIC

Cybersecurity

Cybercrime During the COVID Pandemic

09/09/2020

A group of international experts analyzed how the coronavirus pandemic has affected the global evolution of phishing and cybercrime in general.

Graciela Martinez, Head of LACNIC CSIRT, was one of the speakers at this webinar organized by the Anti-Phishing Working Group (APWG), an international coalition unifying the global response to cybercrime across organizations from various sectors.

Along with a select group of APWG members, Martinez detailed the evolution of the criminal methods used to exploit the special conditions created by the increased use of the Internet during the current pandemic. The group also analyzed how to prevent and respond to COVID-19-related attacks.

Martinez stressed that the unprecedented situation resulting from the pandemic has benefitted cybercriminals, thus demanding new responses from cybersecurity incident response teams.

The seminar presented examples of domain names created for websites purportedly containing COVID-19-related information, whose registration coincided with new phishing campaigns; attempts to commit fraud against financial institutions through websites offering treatments for the new disease; and portals selling face masks that never reached their destination. “These activities have mostly targeted consumers (end users), but companies have also been the target of cybercriminals,” Martinez added.

COVID-related domain names. The increase in the number of domain names during the early days of the pandemic caught the experts’ attention. In early January, fewer than 60 domain names were being registered daily. In February, this number showed peaks of 500 to 1000; between late February and the end of March, there were peaks of more than 5,000 COVID- or coronavirus-related domain names registered daily. According to Martinez, the most popular words used in fake domain names were corona, covid2019 and covid19.

This explosive increase was detected by technical communities and groups working on detecting cases of phishing and attempted fraud. “Many criminal groups have set up their infrastructure to commit fraud, especially under favorable conditions that lead to an increase in Internet traffic. The goal of CSIRTs and other organizations fighting against cybercrime is to dismantle this infrastructure,” Martinez noted.

Martinez also observed that the challenge is not only to eliminate fraudulent links but also to dismantle criminal infrastructure, as this infrastructure is used to launch dynamic and parallel campaigns.

LACNIC CSIRT recommends that organizations notify potential fraud victims and develop programs to provide early notifications to alert users.

LACNIC CSIRT promotes the sharing of evidence and information with other organizations, as this allows planning prevention campaigns and developing mechanisms to offer warnings and assistance.