COVID-19 in Italy: Fraud Lessons Learned
April 2nd, 2020
Around the world, public health officials are analyzing the coronavirus (COVID-19) transmission in countries with earlier outbreaks in an effort to model scenarios, refine preparations, and identify mismanagement and best practices in dealing with the current situation. With Italy being a hotspot, we at Q6 Cyber set out to analyze recent cybercriminal and fraud activity there to learn what we can anticipate in other parts of the world where the pandemic is on the rise.
Observing the Dark Web
Not surprisingly, we saw a spike in cyberattacks and fraud campaigns targeting Italian corporations and consumers. Bad actors, especially sophisticated ones, view the current epidemic as a golden opportunity and are deploying more resources toward criminal operations in Italy. Leveraging our unique access to invitation-only Dark Web and Cybercriminal Underground sources, we observed cybercriminals and fraudsters discussing the opportunities and vulnerabilities created by a seismic shift in daily life in Italy:
- Fewer Defenders: As security and anti-fraud professionals work remotely, often with reduced access and productivity, or are unable to work while caring for ill relatives or are sick themselves, attackers perceive a unique window of opportunity to strike when ‘nobody is watching’.
- Remote Work: With employees working from home and accessing sensitive systems and data, some even using personal computers, attackers do not have to contend with robust security infrastructures that protect corporate networks, making the ‘targets’ easier to compromise.
- Digital Transactions: The lockdown is forcing people to conduct financial transactions digitally through online banking and payments, even those who may otherwise be less disposed (e.g., the elderly). Fraudsters are ferociously seizing on the increase in potential victims, especially those who are less savvy and less security-conscious.
- Relaxed Controls: Experienced fraudsters expect financial and other organizations to relax anti-fraud controls to support their customers in this period of emergency, presenting the opportunity to execute fraud schemes tailored to take advantage of such letup.
- Witting Partners: As more and more people lose their jobs and feel the financial squeeze, bad actors can more easily recruit witting partners to commit a range of cyber and financial crimes.
A post on an underground forum regarding opportunities to exploit the coronavirus epidemic for fraud
Implications for the Rest of Us
With more countries implementing shutdowns and other restrictive measures, we expect cybercriminals and fraudsters to double down their attacks and take advantage of the same dynamics playing out in Italy. Undoubtedly, organizations must first address the well-being of their employees, customers, and other stakeholders, and ensure continuity of business operations. At the same time, to avoid mounting fraud losses and damaging cyberattacks during this vulnerable period, organizations must empower anti-fraud and security teams with the necessary resources and tools. For example, implementing robust processes and controls for remote employee access, or e-crime intelligence to proactively identify financial mules, are important initiatives that organizations should immediately consider taking.