The FBI’s IC3 and Google report a major jump in the number of reported cybercrimes.
The FBI’s IC3, or its Internet Crime Complaint Center, has reported a major increase in received cybersecurity complaints each day, according to The Hill — who goes on to explain that the number of cybersecurity complaints went up from 1,000 complaints every day, to over 3,000 to 4,000 per day since the beginning of the COVID-19 pandemic.
Google has also reported a major jump in COVID-19 related phishing attacks. This is according to the Business Insider, who published an article detailing how Google is now blocking an average of over 18 million coronavirus email scams per day — along with 240 million daily spam messages.
The AMA and the AHA, otherwise known as the American Medical Association and the American Hospital Association, have even developed a cybersecurity resource to help guide those that are more susceptible to these phishing attacks.
The resource, titled “Working from home during the COVID-19 pandemic,” was designed in order to teach physicians working from home to strengthen their personal or business computers, networks, and even their medical devices, to fight against the rise of COVID-19-related cyber threats.
To delve even deeper into this sudden increase in cybercrimes, even the US Federal Trade Commission (FTC), had joined the conversation to report that it registered over 18,257 complaints related to COVID-19. A majority of which were reports of fraud, that consequentially, equaled to around $13.44 million in losses.
According to the FBI, for the most part, this sudden jump in cyber-risks can be attributed to both domestic and international hackers taking advantage of the increasing online activity of many Americans — who, as a result of the novel coronavirus, are working from home.
The increasing panic brought about by the global pandemic can also be considered a determining cause. As it has left many vulnerable to targeted COVID-19 phishing scams soliciting them for donations or asking them to download documents or apps filled with all kinds of malicious malware.
However, according to this article on The Hindu, cybersecurity agencies believe that the root of this sudden jump in cybercrimes may have been caused by something else altogether.
Specifically, the very real possibility of a massive unreported data breach.
Massive Data Breach Results in Increased Cybercrime
You may or may not remember, but approximately seven years ago, in 2013, Yahoo suffered from a massive data breach that leaked the personal information of all of its active accounts at the time. In fact, they had initially reported that only 1 billion accounts had been affected but, 10 months later, they corrected their figure to 3 billion.
This data breach is considered one of the biggest data breaches of its time. However, many more followed after that. Including big names like eBay, Marriott International, LinkedIn, Facebook, MyFitnessPal, Equifax, and so much more.
Data breaches like these can give cyber-criminals access to a person’s email address, phone number, credit card information, passwords, and other personally identifiable information that can make them more vulnerable to cyber-attacks.
That is why cybersecurity agencies are suspecting that the increase of cybercrimes involving COVID-19 may have been caused by a massive unreported data breach that happened a couple of days prior. Or, rather, that data from a long-ago data breach had just been sold underground.
There is no telling which is which, but both options are equally possible.
In fact, just three weeks ago, a company called Maropost was put into question after a news website reported that they had leaked millions of email addresses and other data. This turned out to be untrue, according to the Patch, who reports that “there was never an actual data breach.”
However, there are real reports of data breaches that happened at this time. Like the Marriott’s second data breach, which was discovered in February, that exposed the addresses and phone numbers of 5.2 million of its guests.
Or, even, the Zoom data breach, which according to a cybersecurity company called Cybel, has now resulted in millions of zoom accounts being shared freely or sold in underground forums online.
Apparently, Cybel had even been able to purchase half a million Zoom credentials practically for free ($0.002) from one of these underground forums. And, these purchased credentials were said to include email addresses, passwords, host keys, and personal meeting URLs. Not just of your average joe, but of big financial institutions like banks and colleges.
So, while we can’t say for sure whether there was an unreported massive data breach that caused the increase in COVID-19 cyber-attacks, we can definitely assume that these reported data breaches paved the way for quite a few of them.