Illustration: Eniola Odetunde/Axios
Cyber criminal networks and individual opportunists have leveraged the coronavirus crisis to ramp up schemes to defraud businesses, credulous consumers and governments at all levels.
The big picture: This new wave of cyber crime, documented in a series of indictments, public disclosures and statements from U.S. officials, illustrates why the U.S. government sometimes refers to the “big four plus one” of cyber threats.
- The big four are the traditional quartet of states known for their cyber capabilities: Russia, China, Iran and North Korea.
- The “plus one” refers to cash-rich and increasingly adept cyber criminal operations that have now earned equal footing with nation-states.
What’s happening: Since the coronavirus crisis exploded domestically in March, U.S. authorities have mobilized to combat a torrent of related cyber crime. The Justice Department and FBI convened a COVID-19 Working Group, which coordinates closely with the U.S. Secret Service, Cybersecurity and Infrastructure Security Agency, and other agencies.
By the numbers: The scope of the problem is overwhelming. By late May, the FBI’s Internet Crime Complaint Center had received 320,000 complaints over the course of the year, compared to roughly 400,000 complaints in all of 2019.
The FBI: The agency has tracked an increase in online and other fraud related to the Paycheck Protection Program (PPP), which gives loans to small businesses to keep employees on the payroll.
- The FBI has launched nearly 100 investigations into PPP-related fraud that involve $42 million in funds, and it's clawed back $900,000 from fraudsters.
- But in some cases, cyber criminals have successfully had victims wire funds to international bank accounts shielded from U.S. law enforcement.
The Secret Service: The acute nature of coronavirus-related fraud has led the U.S. Secret Service, which plays a major role in federal cyber crime investigations, to focus on quickly disrupting these schemes and protecting victims, rather than building prosecutable cases against offenders.
- Investigators are returning to the question of prosecution after these disruptions have taken place, knowing that quick action may have affected their ability to arrest wrongdoers.
Health care targets: Earlier this year, some cyber criminal groups announced that they were suspending their targeting of the health care sector during the coronavirus crisis. But attacks haven’t stopped.
- In at least one instance, a group that publicly forswore targeting health care entities quietly compromised a health care company.
- Cyber criminals are also pumping fake coronavirus cures and treatments.
Stimulus targets: Recently, large-scale stimulus fraud has become a major focus for cyber criminal groups.
- For instance, cyber criminals, aware of U.S. government efforts to prop up consumer spending, have crafted their messages around recent individual payments to taxpayers, with these groups engaging in stimulus-themed spear-phishing campaigns.
PPE targets: Earlier in the outbreak, much coronavirus-related fraud involved the purchase of personal protective equipment (PPE), which cities and states scrambled to acquire in the initial aftermath of the outbreak in the United States.
- Using middlemen, states and cities made PPE purchases, sometimes worth many millions of dollars, to procure PPE from foreign countries.
- Price gouging has been common, and sometimes the transactions have been fraudulent — leading the FBI to step in and stop entire bulk purchases. (In some cases, the federal government and U.S. states battled over PPE orders, leading to charges of political intervention.)
The bottom line: The types of attacks and vectors used by cyber criminals haven't changed in the COVID-19 era.
- These groups still favor business email compromise and ransomware, for example, often via social engineering schemes, but are updating their content to relate to the coronavirus.
- From 2014 to late 2019, complaints to the FBI regarding business email compromise scams totaled “more than $2.1 billion in actual losses.”