Cyber criminals exploit COVID-19 crisis

Cyber crime is on the rise globally as life moves online.

Criminals are using the coronavirus crisis as bait to hook people into a variety of cyber-scams.

Regulators have seen a “100% jump” in criminal activity online since the start of the pandemic.

Alee Fa’amoe, who represents OfReg at the National Emergency Operations Centre, said his office was constantly processing reports of new threats.

“We are responsible for national cyber-security,” he said. “We have a team of IT professionals who talk with each other about the threats they see – and the threats are constant.”

OfReg also receives reports from US federal cyber-security agencies and from the UK government.

For the most part, its role involves monitoring threats and advising businesses on how to guard themselves against attack.

The Royal Cayman Islands Police Service’s cyber-crime unit is also on high alert for new threats associated with the coronavirus.

“There has been an escalation in phishing emails since March 2020 globally, in particular playing on the public’s emotions – ‘act now or someone may die’,” Joanne Payne, a detective constable with the cyber-crime unit said in an emailed response to questions from the Cayman Compass.

Police say such scams are becoming more sophisticated and are often sent from email addresses set up to mimic legitimate and trusted businesses, like banks, hospitals or the World Health Organization.

Even the Cayman Compass was impacted when a fake news alert about COVID-19, purporting to come from the newspaper, was disseminated in March.

A fake email alert bearing the Compass Media name has started circulating locally and the public is being advised not to open or share the link.
A fake email alert bearing the Compass Media name was circulated in March.

Police say there have been no reports of Cayman Islands websites being successfully hacked in recent months.

In many cases, cyber-criminals are still using emails and passwords that were hijacked from an attack on the classifieds website EcayTrade in 2015.

“All reported cases within the COVID-19 period appear to be related to this business compromise,” Payne said.

Fa’amoe says that certain scams are specifically targeting the Cayman Islands, using the names of local businesses as a front to lull victims into a false sense of security. However, police and regulators believe the criminals are almost exclusively based overseas.

Work-from-home culture shift exploited

The workplace shift to home offices has also led to less-secure computers being looped into business networks.

“They can now get into the corporate network just by getting into your unprotected home computer,” said Fa’amoe.

The police’s Digital Forensic Hub was recently informed of a case involving a ransomware attack on a local business.

The criminals were able to exploit weaknesses in the system when employees remotely connected to the corporate network using their smartphones.

“There are extreme vulnerabilities with people working from home due to the lack of security their business systems would usually have,” Payne said.

To compound the problem, during the initial pandemic stages, IT professionals were very busy facilitating business transitions from office to home. During this time, Fa’amoe says, it appears that hackers tried to take advantage of overworked and distracted IT teams, making it easier for criminals to exploit weaknesses.

“We have seen a massive jump in cyber-attacks of all different flavours – ransomware specifically targeting healthcare providers, phishing attacks, brute force attacks,” he said.

OfReg advises IT professionals across Cayman of new threats on a regular basis.

Protecting the territory from cyber-threats is part of the national security response to COVID-19.

OfReg has the capacity to track the source IP addresses used to disseminate malware and block them from accessing Cayman’s networks. However, this is a complex, time-consuming and expensive process that would only be used when a specific malware is posing a threat to the country – for example, by targeting the national energy grid or the Health Services Authority.

The police cyber-team is not yet seeing a marked increase in reports of Cayman businesses being attacked. But they are concerned that the hype and fear around the health threat has also made it easier to lure people into clicking on phishing scams with a fake coronavirus alert.

“Bad actors are also actively exploiting the worldwide shortage of medical supplies created by the COVID-19 pandemic to target payments intended for ventilators, PPE, and cleaning products, whereby payment has been made urgently, and right into their hands,” added Payne.

Deloitte monitors business threats

Deloitte’s cyber practice is constantly monitoring threats to the region and globally and is providing updates to its clients and the business community in general.

Alexandra Simonova, director of the company’s risk advisory department, said organisations in Cayman and worldwide were facing numerous challenges on various fronts. She said ‘collaboration technology’, like Zoom and Microsoft Teams, is being targeted.

“We’ve seen many ransomware and phishing attacks in the region, as well as personal data breaches,” she said, adding the source of the threats ranges from bedroom hackers to sophisticated criminal organisations.

Ransomware – technology which allows cyber-criminals to lock individuals or businesses out of their computers or networks and asks for a ransom to regain access – is among the most common visible threats.

“There are ransomware services that people can just buy on the dark web and start using right away. They even have help-desk support,” she said.

Deloitte provides weekly briefings to the business community on current cyber-threats.

In its latest briefing, the company wrote, “Coronavirus-themed cyberattacks have now been confirmed in every country in the world.

“Targeted attacks are also on the rise – zeroing in not only on popular applications and platforms, but on industries across the board. With each passing week, the urgent need for heightened security vigilance, employee education, and a cyber risk-aware culture becomes clearer.”

If you value our service, if you have turned to us in the past few days or weeks for verified, factual updates, if you have watched our live streaming of press conferences or sent an article to a friend... please consider a donation. Quality local journalism was at risk before the coronavirus crisis. It is now deeply threatened. Even a small amount can go a long way to sustaining our mission of informing the public. We need our readers’ financial support now more than ever.