The Covid effect on cybercrime

In August, Hozefa Arsiwala was having a late lunch with his wife and daughter during a staycation when an SMS came in. It confirmed that he had just spent Dh50 to buy a T-shirt online. Except that the Sharjah resident hadn’t. He immediately rang his bank, one of the largest in the UAE, and learnt the purchase had gone through. A quick Google search told him the store was located in the US.

The same card was also being charged an additional Amazon Prime payment for the preceding three months, something Arsiwala was pursuing with the technology services provider. “The bank offered to open a complaint to pursue the matter and uncover more details about both incidents, but given the time and potential costs involved, it wasn’t worth the trouble,” he says.

Arsiwala doesn’t know if he’d been phished, that is, tricked into revealing sensitive personal data, or if his data had been stolen in a cyberleak, but he was certainly a victim of credit-card fraud, one of many different kinds of online bank hoaxes being reported in the UAE.

Earlier this year, the Central Bank of the UAE warned of a spike in cybercrime and bank fraud, as fraudsters capitalise on the coronavirus pandemic to find new ways to target consumers. The bank rolled out its first national fraud awareness campaign in April, which aims to arm consumers with the skills to protect themselves against scams.

“During times of heightened disruption, there is often a general escalation in cybercriminals’ activity,” says Anoop Das, cybersecurity expert at the cloud services provider Mimecast Middle East. “There has been a spike in cybercrime across the board and crime for financial gain has been among the most significant. Criminals know that many people are struggling financially and are looking for ways to prey on their desperation.”

He offers a chilling example from a recent Mimecast investigation. The log-in page of a major UAE bank had been cloned, with the fake website live since July. Customers had potentially been affected for several months. “If a banking customer were to click on a phishing link, they would be sent to the malicious fraudulent website,” he says. “This log-in page is then used to harvest the credentials of the customer, as they are prompted to fill in their information, including their password. Criminals can then use this information to access the user’s bank account.”

Rise in attacks

The company’s Threat Intelligence Centre picked up 115,000 Covid-19-related registered spoof domains in the first three months of the pandemic. These offered fake or non-existent goods such as protective masks or Covid-19 cures, or targeted individuals seeking compensation for holidays booked. “The general fear and uncertainty of this year has offered criminals the perfect opportunity to exploit vulnerable people,” Das says. “Our researchers saw a massive 751 per cent increase in unsafe clicks during the first three months of the year in the Middle East and North Africa– many of which were likely used for financial gain.”

Scamsters have capitalised on the pandemic with creative attack campaigns that play to the present mood. With people’s health, jobs and finances all under threat, cyber monitors report an increase in e-mails enticing users to click on unsafe links, purportedly offering information on rising local case numbers, advice on safety measures, tips for claiming stimulus cheques, as well as alerts on coronavirus-linked investment opportunities or relief donations.

Focused attacks

“Ransomware, privileged access abuse, data loss and poorly configured services that create vulnerabilities are significant risks,” says Ammar Enaya, Regional Director – Middle East at Vectra, an artificial intelligence-based threat detection platform that counts UAE banks among its clients. “Cybercriminals particularly target banking customers and supply chain partners so those connections and credentials must be controlled and monitored too. Banks are also a target for politically motivated attacks seeking to disrupt and destabilise a region’s infrastructure. For customers using banking digital services, their credentials will be a prized target for attackers. Banks need to ensure robust access and identity technical controls and also focus on customer security awareness education.”

Organisations — including banks — have also been unprepared to have their entire workforce operating remotely. The sudden shift to working from home opened up security gaps for hackers. This week, backup software solutions company Acronis revealed the results of a global survey of 3,400 companies: 39 per cent of companies experienced a videoconferencing attack in the past three months. Malware attacks such as ransomware also have increased during the pandemic, with 31 per cent of companies reporting daily cyberattacks and 50 per cent being targeted at least once a week.

“The attack surface is being expanded by remote work and unsecured personal devices used by employees, increasing the risk to the business,” says Adam Palmer, Chief Cybersecurity Strategist at Tenable, a global IT company that tracks cyber exposure. He tells GN Focus that traditional risk management is failing, and organisations should integrate their security into one central identity and access management solution, while using privileged access management to restrict access to critical systems and data, to limit the ability for attackers to reach critical systems. “It’s important to make sure remote workers’ devices are fully configured with endpoint protection and detection. Far too many people, including the most tech-savvy, ignore system updates and patches.”