This archive report was first published on 4 August 2020.
COVID-19 Fuels Rise in Cybercrime: A Double Tragedy for Kenya ¶
As the COVID-19 pandemic continues to spread, it has also created a perfect environment for cybercriminals to exploit the online world. With the shift to ecommerce, fraudsters are taking advantage of the unprecedented times, and the digital space provides a massive platform for unsuspecting victims.
Between February 25 and March 25, 2020, Menlo Security identified a 25% increase in the number of people clicking on malicious URLs with domain names referencing either COVID-19 or Coronavirus. This surge in domains registered with direct links to the pandemic is likely to see a significant increase in social engineering attacks, which accounted for 43% of computer breaches last year, according to The Verizon Data Breach Investigation Report.
Social engineering is the science of using social interaction to persuade individuals or organizations to comply with a specific request from an attacker. Cybercriminals use psychological methods to target parts of the human psyche that are deeply embedded across much of the population. In Kenya, social engineering-based attacks are commonplace, with many people receiving messages from inmates trying to swindle them.
With the prevalence of mobile money transactions and the growth of cashless payments, individuals are making phone calls to those they have identified as vulnerable, claiming to be from a trusted source and engaging the target in conversation to get personal information such as mobile wallet pin numbers or debit card CVV code.
The COVID-19 pandemic has presented cybercriminals with unprecedented social engineering exploits. Global cybercrime has not had to do much more than repurpose their normal attack techniques, by repackaging them as slick, professional-looking COVID-19-related emails or websites and releasing them into the online world to reap revenue.
Phishing is probably the number one item that has seen a massive rise during these trying times. Society is hungry for information, or even relief, making phishing much more successful. Cybercriminals are now using fraudulent emails or websites to advertise fake Coronavirus charities or suggest they can supply anything from cures, tests, or Personal Protective Equipment that will never arrive after payment.
Businesses must therefore continuously evaluate the security defenses in place and ensure their detection and alerting capabilities are functional always. Below are a few areas to consider in the proactive management of security in the current crisis and beyond:
- Be Proactive About Dual Authentication: There has been a surge of multiple new accounts tied to the same underlying user profile opening concurrently. This creates an opportunity for origination fraud where an account looks legitimate after it remains dormant for some time.
- Defend Against Card Testing: For fraudsters, card testing can be an effective method to verify stolen card credentials are valid – and small and medium businesses are often the target of card testing attacks.
- Active fraud & security monitoring: Remaining vigilant to new vectors and securing the payment infrastructure is key to preventing cyberattacks.