Thursday, 23 April 2020

Cyber crime in the time of COVID-19

by Phil Chapman

Criminals take advantage of their surroundings, and cybercriminals are no different. With coronavirus looming and internet activity at a record high, here’s some advice from our law enforcement and cybercrime expert Phil Chapman.

In the general day-to-day of what I do - and to supplement the courses I look after - I keep an eye on the news, feeds and posts that sometimes slip beneath the surface for the less technical eye.

For better or for worse, COVID-19 has turned the spotlight onto our online lives and habits, with an added magnifying glass on top. And while for the most part the stage is being filled with humanity at its best – innovation, collaboration, you name it – there’s also the other side. The darker side of the internet, which was always there, but in times of lockdown is now taking to the main stage.

Sadly, it’s not a surprise that humanity’s very worst should emerge in times of crises. And that’s why it’s imperative that we all keep safe, protect ourselves and our families, and ensure that we emerge unscathed from the next weeks and months online.

In this article, I’ll explain what you should look out for, and why. But also importantly, how.

Criminals take advantage of their surroundings

Let me give you some context with an example - this one from the physical realm.

On the evening of April 14, a van driver was stopped and searched before boarding the Eurotunnel in Calais and found to be carrying 14kg of cocaine, hidden amongst a shipment of personal protective equipment (PPE) destined for and desperately needed within the UK.

The National Crime Agency (NCA) have subsequently reported that drug dealers who have used conventional means to perpetrate their criminal activities are now adopting new tactics by masquerading as key workers to sell drugs outside of supermarkets.

Criminals, regardless of their means, will always play on the vulnerabilities of people to conduct their business. And in order to be more effective at that, they will generally adopt new techniques to match their surroundings.

Cyber criminals are no different to the conventional criminal on the street. For several weeks now the NCA, Regional Cyber Crime Units and International law enforcement agencies have been dealing with an increased amount of cyber-related crime against innocent victims by using the COVID-19 pandemic as a cover, and a means to an end.

Internet activity has grown. A lot.

There’s little doubt that we have all increased our Internet activities over the past month. The fact that so many of us are working from home alone has inherent security risks, with the management of safe communications, data protection and other concerns.

Add to that the fact that a lot of us will now have kids at home, who are looking to use technology to keep them occupied, and apart from work, the internet is known to be a great source of fun.
Plus, vulnerabilities on popular online meeting tools are trending all over the news, making the very act of going online a potential hazard. 

To top it off, with fewer opportunities to act on the physical world, criminals are also having to “work remote” and take their activities online. This means cybercrime has grown a lot lately.

Things to watch out for

We are all seeking news about the spread of the COVID-19 virus and our quest to seek out the latest facts and figures also increases our footprint on the Internet and the risk of being scammed.
Most cybercrimes follow established patterns, even if they become more sophisticated and harder to spot. These are the usual threats you should always be watching out for:

  • Phishing attacks from legitimate-looking sites which pretend to be from official government, financial or health organisations - either attempting to gain financial or other personal information from the end-user;
  • Malicious trojans, which invariably invoke remote access or ransomware. 
  • Fake sites which act as a “watering holes” for innocent web surfers, set up to attract internet users to a particular site of interest which masquerades as an official source of information but are being run in order to phish for credentials and other information. 

Sextortion: a rising threat

Every now and then, a new category of criminal activity experiences a surge on the cybercrime landscape. 

As more people bring the most intimate parts of their lives online, law enforcement Protect officers nationally are also seeing an alarming increase in the number of sextortion attempts and attacks being conducted against internet users of all ages, who are sharing more than ever on social media.

This situation creates a target-rich environment for paedophiles and other predators seeking out vulnerable or unwitting youngsters online.

A note of caution

Those of us who use social media are probably all guilty of having “friends” whom we probably never met in real life. Do we know the size of the circle of friends our children have on the countless social media and chat sites they use?

Singing, dancing, acting and posting pictures with bunny rabbit-ears are flooding the broadband as we speak – but do you really know who is receiving, watching and responding to it?

The United Kingdom’s National Cyber Security Centre (NCSC) and the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) have recently published a joint advisory which gives an overview of the current threat picture and solid advice to homes and businesses on how to mitigate the risk.

How can you protect yourself and your family?

From a home user perspective, there are a few steps you can take to reduce the risk without sacrificing the freedoms we all cherish. 
  • Talk to your children about using the Internet. It doesn’t have to be too heavy or - no need to go “Victorian dad” - but make sure your kids are aware of the potential risks. Obviously, take their age and habits into account when calibrating the talk;
  • Review or set up your built-in online security filters. Nearly every ISP has a free-to-use system of parental controls which are easy to set up and monitor;
  • Be aware of the increased risk at this time from fake sites, phishing emails and illegal downloads. If the email offer sounds too good to be true, it probably is;
  • Use software that you know and trust. Don’t be tempted to download or click on download links for games, apps or sites which you don’t know;
  • Keep your systems updated and patched, including your anti-virus software;
  • Do not use the same password for everything you do on the Internet. Have a fresh start and change them today and keep them long and strong.
From a business perspective, there are also a few guidelines to give you a head start when confronting potential cybercrime:
  • Talk to your users about the risks. User awareness is one of the key factors and first line of defence. If you are having regular updates about the business, why not include the current threat picture or security updates as part of the process? Don’t make it too heavy, but keep it present;
  • Maintain a strong security posture for your remote workers. Use secure, reliable VPNs. Ensure that password security is maintained and if possible, use multi-factor authentication. 
  • Check your remote connections to ensure that insecure protocols are not being used (no Telnet, RDP, or HTTP)
  • Check the NCSC website regularly for updates and advice
  • Contact your local Police Cyber Protect Unit for the best advice and guidance
  • Contact Action Fraud if you feel that you have been scammed.
In these times, more than ever, the most important message is to keep your life going. Keep it real, keep it fun - but always keep an eye out, and keep it safe and healthy in the process.

Phil Chapman has over 30 years’ experience in intelligence, counter terrorism, police, customs and financial services. Before joining Firebrand as an instructor, he’s worked for the Royal Air Force, MoD and GCHQ. Phil has upskilled more than 800 operational officers since.