Hackers torn over how to adapt their tactics to the coronavirus pandemic

The hacking community is said to be split over how to adapt their tactics to the coronavirus crisis, with many thriving off the back of mass-remote working while other groups have seen their business models collapse overnight.

Despite a recent explosion in cyber criminal activity, the picture beneath the surface is far more complex, with different strands undergoing mixed fortunes, and another group of hackers refraining from engaging in any COVID-19-related activity whatsoever.

Nevertheless, businesses and individuals have certainly felt a crescendo of activity. With many individuals now working from home, and much more work and social activity being conducted online, the level of phishing has climbed sharply, for example.

Although cyber criminals are quickly adapting their operations to the changing world, the reactions among different groups have ranged from excitement to desperation, according to an analysis by Digital Shadows.

“Digital Shadows has observed threat actors operating on cybercriminal forums and marketplaces expressing their worries and a sense of desperation as to how the pandemic will affect their established business models,” the cyber security organisation said.

“Some are urgently trying to adapt their offerings to survive in this vastly changed landscape. Other cybercriminals see an opportunity to profit from mass hysteria and panic or take advantage of the increased online exposure that virus-tackling measures have inadvertently caused.”

With many workers around the UK forced to self-isolate and work from home, there’s been a marked rise in online shopping. Some cyber criminals are exploiting this trend by engaging in more carding activity, also termed the trafficking of payment information, because it’s more difficult to attribute fraud given the sheer rise in the volume of transactions.

Users on high-profile hacking forums have been predicting this trend for some time, and gearing their tools for the inevitable rise in online shopping. One user on a Russian-language platform, for example, observed that “everyone is afraid to go out on the streets” and so they’re choosing what they feel is the safer option.

This is part of a wider trend of cyber criminals enquiring as to how they can exploit the situation for personal gain. Many on exploit forums have also launched well-timed side-ventures that involve selling coronavirus face masks or miracle cures, having previously engaged in selling drugs or carding in the past.

There’s a divide between those pivoting to coronavirus exploits in order to increase their income and those doing it out of necessity given their collapsing business models. Specialist cyber criminal outfits, targeting aspects of work life such as travel or events, have seen revenues dry up overnight.

This form of fraud has been particularly hard-hit, given that people have refrained from flying en masse and that borders are closing around the world. One cyber fraudster offering fraudulent tickets for same-day events posted an update suggesting “everything is closed for 2 weeks” as a result of the cancellation of events.

Another user, who had for years targeted tourism, hotels, and air travel, started a thread headlined “find a job for an old man”.

He noted that “since the world decided to spin up a cool scam codenamed ‘coronavirus’ which will likely lead to another crisis... I am left without earnings for an indefinite period”.#

Not all cyber criminals are joining in with the trend of adapting their businesses to the coronavirus pandemic, however, with some deciding to take a step back entirely from this area for moral reasons.

Digital Shadows research from last month examining the reaction to COVID-19 across the dark web, found that some cyber criminals have been actively discouraging others from exploiting the crisis.

Many suggest that conventional cyber crime is lucrative enough that no pivots are necessary, while others have expressed solidarity with victims and shared personal stories about how coronavirus has affected them and their neighbourhoods.