Pandemic effect: Cybercrime on the rise
Between February and May 2020, more than half a million people throughout the world were affected by data breaches in which video conferencing users' personal information was stolen and sold on the dark web. More individuals are confined at home as a result of the COVID-19 epidemic and the subsequent lockdown, and they are increasingly reliant on the Internet.
As businesses adapt to a new operating paradigm in which working from home has become the "new normal," the coronavirus pandemic has presented new obstacles.
Businesses are speeding up their digital transformations, and cyber security has become a big worry. If cyber security concerns are ignored, the consequences for reputation, operations, legality, and compliance could be severe.
The COVID-19 epidemic and the ensuing lockdown resulted in many more individuals being confined at home, with many more hours to spend online each day and a growing reliance on the Internet to receive services that they would normally obtain offline.
The dangers of cybercrime have existed for many years, but the rise in the percentage of the population connected to the Internet and the amount of time spent online, combined with the sense of confinement, anxiety and fear generated by the lockdown, has provided more opportunities for cybercriminals to profit or cause disruption. It's crucial to remember that some of the population's most vulnerable groups, such as children, require more time online for services like schooling. This sea change in how we live and utilise the Internet has resulted in an increase in e-crime.
The use of common cybercrime methods like phishing has increased. Phishing is the deceptive tactic of tricking people into giving up personal information like passwords and credit card numbers by using bogus websites or emails. New information obtained by Google and evaluated by Atlas VPN, a virtual private network (VPN) service provider, sheds more light on the scale of the problem. According to the data, Google recorded 149,900 active phishing websites in January. That number nearly doubled to 293,000 in February. However, in March, that number had risen to 522,000, a 350% increase over January.
Government restrictions in response to the coronavirus pandemic have pushed employees to work from home or even "stay at home." As a result, technology has grown in importance in both our professional and personal lives.
Despite the increased demand for technology, many companies still do not provide a "cyber-safe" remote-working environment. Whereas most business meetings used to be held in person, they are now mostly held online.
The COVID-19 outbreak in Pakistan has exacerbated crucial economic constraints as well as governance and internal security concerns. The outbreak has also ushered in a slew of changes involving organised crime and non-state actors, necessitating increased vigilance in tracking these trends.
The Financial Action Task Force (FATF) had granted Pakistan a three-month extension to submit its compliance report due to the pandemic's massive impact on the country's economy. The revised deadline, set for September of last year, was set to give the administration more time to focus on the economy and implement meaningful anti-money laundering and anti-terrorist funding measures.
Pakistan seemed to have taken advantage of the situation and taken steps to meet FATF regulations more quickly. Following a brief COVID-19 closure, the interior ministry began work on one of the FATF's top priorities: creating a database to combat money laundering and terror funding.
Two new anti-terrorism courts opened in April, bringing the total number of anti-terrorism courts to four since the first two began in December 2019. These tribunals are meant to devote judicial capacity to prosecutions involving terror financing.
In the meantime, Prime Minister Imran Khan had launched a tax amnesty programme that will allow people to invest their dirty money in the construction sector. Economists were concerned that it would generate problems with the FATF, which had previously warned that criminals could use the pandemic to commit financial fraud and exploit scams.
A large number of people's names were also removed from Pakistan's national counter-terrorism authority's watch list. The list was created with the intention of assisting financial institutions in avoiding doing business with terrorism suspects.
According to a Pakistani official from the interior ministry, it was revised since it had become "bloated with many inaccuracies." As a result of these developments, the FATF may face new challenges in the future.
COVID-19 has also resulted in an increase in online traffic, which has heightened the predicted threat of cybercrime, including new web-based exploitation tactics, bogus charity fundraising, and numerous medical scams.
In response, the Pakistan Telecommunication Authority (PTA) has warned against using public Wi-Fi networks, while the Federal Investigation Agency (FIA) and financial institutions have started a social-media awareness campaign.
A major data breach affecting 115 million mobile users was found in April. Senator Rehman Malik responded by directing the FIA and PTA to investigate and report on the darknet data sales.
There has also been an increase in parental concerns about minors being targeted for personal information, photos, and financial information. As a result, the FIA's Cyber-Crime Wing (CCW) issued new cautions, suggesting that internet connections be closely monitored.
Six Nigerian gangs were recently apprehended for defrauding Pakistani citizens, with a particular focus on rural residents. Scammers targeted Americans using a variety of social media platforms, including Facebook, LinkedIn, YouTube, and Tinder, and promised millions of dollars in return. Twenty people were detained.
Despite a 40% rise in internet usage since the COVID-19 outbreak and the increased danger of criminality, the FIA claims that cybercrime has reduced. The CCW said in a statement that this was due to the agency's "successful actions." Many business owners, however, have disputed this notion, claiming that their own anti-fraud tactics, such as having separate bank accounts, are to blame for decreased cybercrime rates.
The full impact of the COVID-19 epidemic has yet to be determined, but it is apparent that it has already confronted Pakistan with numerous new obstacles.
The state's capacity to focus efforts on people's health and safety while also seeking to stabilise Pakistan's economy is being harmed by an apparent increase in drug trafficking and other risks.
Despite encouraging results like narcotics seizures and a purported decrease in cybercrime, caution must be exercised to prevent criminals from profiting from these difficult times. Although the FATF deadline extension has relieved some pressure, recent government actions represent a red flag that must be closely monitored.
The website of the Federal Board of Revenue was hacked a few weeks ago, exposing the most sensitive information.
In June of last year, the music streaming website "Patari" was also hacked, with hackers releasing the personal information of 257,000 members on the dark web.
This cybercrime analysis is based on the Cyber Crime Wing of the Federal Investigation Agency (FIA) of Pakistan's guidebook:
According to this guidebook, the FIA's Cyber Crime wing received 84,764 complaints of various types in 2020, as shown in the chart below.
| Serial No. | Type | Number of complaints |
|---|---|---|
| | Financial Fraud | 20,218 |
| | Hacking | 7,966 |
| | Fake Profiles/Identity Theft | 4,456 |
| | Cyber Harassment/Threats | 6,023 |
| | Defamation | 6,004 |
| | Cyber Blackmailing | 3,447 |
| | Hate Speech | 892 |
During the COVID-19 pandemic in Pakistan, major cyber offences and the number of complaints, inquiries, and cases are as shown below:
| Serial No. | Category of crime | Complaint | Enquiry | Case |
|---|---|---|---|---|
| | Electronic Financial Fraud | 32,324 | 3,706 | 154 |
| | Cyber Harassment | 6,023 | 2,694 | 79 |
| | Cyber Defamation | 6,009 | Nil | Nil |
| | Cyber Blackmailing | 3,447 | 1,826 | 222 |
| | Hate Speech | 892 | 51 | 54 |
| | Sale & Provision of Illegal Sims | 195 | 174 | 29 |
| | Child Pornography | 83 | 173 | 24 |
| | Identity Theft | 4,456 | 174 | 29 |
| | Cyber Terrorism | 26 | 04 | Nil |
| | Misuse of Crypto-currency | 20 | Nil | Nil |
What can we do to improve cyber-security while working from home?
Employees who work from home on their personal computers (or even those who use a company-owned device) should follow basic cyber hygiene guidelines. These are some of them:
• Antivirus protection software. Antivirus and anti-malware software licences should be offered to employees for usage on their own computers. While this does not give failsafe protection, it does stop a lot of low-level threats.
• Cyber security awareness is critical. Best practices and procedures for regulating the sending of emails or other content to private email addresses and/or cloud storage should be presented to employees.
• Be cautious of phishing scams. When receiving emails, employees should be cautious and double-check the sender's address for validity.
• At-home network security. Employees should make sure that their home Wi-Fi is password protected.
• Use a virtual private network (VPN). Virtual private networks (VPNs) provide an additional layer of security for internet use at home. They cannot be relied on to prevent cyber-attacks on their own, but they can serve as an effective deterrent.
Businesses can use a few basic cyber security tactics:
• Look for flaws in your system. Every information technology system has flaws. Companies should conduct testing to discover vulnerabilities and repair the most serious ones as quickly as possible. Vulnerability scanning or various types of penetration testing exercises are examples of this. Hardening of technological infrastructure components should also be carried out.
• Regular evaluations. Companies should assess their cyber security risk exposure on a regular basis and determine whether their present measures are adequate. Any new types of attacks that have lately surfaced should be taken into account during these reviews.
• Refresh business continuity and disaster recovery plans. Line-of-business managers must keep their business continuity plans up to date and take cyber-attack scenarios into consideration.
• Use new technology and tools. More sophisticated actions can also be taken. To enhance the security of remote working, companies can utilise advanced technologies like host checking (a programme that checks the security posture of an endpoint before approving access to corporate information systems).
• Intelligence-gathering methods. Businesses should encourage the proactive use of cyber threat information to identify and address important indicators of compromise (IOCs).
• Contingency planning. For better risk management, businesses can use governance, risk, and compliance (GRC) systems. GRC solutions give you a clear picture of your company's risk exposure and help you connect the dots between different risk disciplines (e.g. cyber security, operational risks, business continuity).
• Be ready for an attack. Companies are recommended to conduct frequent cyber crisis simulation exercises to prepare for a cyber-attack in these high-risk times.
• There is no such thing as trust. CISOs and CIOs should think about creating a zero-trust cyber security strategy. Only authenticated and authorised users and devices are allowed access to apps and data in this security paradigm. It calls into question the notion of "access allowed by default."
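The host-checking and zero-trust items above can be combined into one deny-by-default access decision. The sketch below is an added illustration, not code from the FIA guidebook or any product; the policy table, user names, resource names and the 30-day patch threshold are all assumptions made up for the example.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class DevicePosture:
    disk_encrypted: bool
    antivirus_running: bool
    os_patch_age_days: int
    corporate_owned: bool

@dataclass(frozen=True)
class AccessRequest:
    user: str
    mfa_verified: bool
    resource: str
    posture: DevicePosture

# Constructed sample policy: resource -> (authorised users, corporate device required)
POLICY = {
    "hr-payroll": ({"amina"}, True),
    "team-wiki": ({"amina", "bilal"}, False),
}
MAX_PATCH_AGE_DAYS = 30  # assumed threshold, tune to your patch cycle

def posture_failures(p: DevicePosture) -> list[str]:
    """Host check: list every posture requirement the endpoint fails."""
    failures = []
    if not p.disk_encrypted:
        failures.append("disk not encrypted")
    if not p.antivirus_running:
        failures.append("antivirus not running")
    if p.os_patch_age_days > MAX_PATCH_AGE_DAYS:
        failures.append("OS patches too old")
    return failures

def decide(req: AccessRequest) -> tuple[bool, list[str]]:
    """Grant access only if every check passes; anything unknown is denied."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, ["no policy for resource (deny by default)"]
    allowed_users, needs_corporate = rule
    reasons = []
    if not req.mfa_verified:
        reasons.append("user not strongly authenticated")
    if req.user not in allowed_users:
        reasons.append("user not authorised for resource")
    reasons += posture_failures(req.posture)
    if needs_corporate and not req.posture.corporate_owned:
        reasons.append("resource requires a corporate-owned device")
    return (not reasons, reasons)
```

Returning the full list of reasons, rather than stopping at the first failure, gives the help desk and the SOC a usable log line for every denied request.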
Most executive committee meetings include a discussion on cyber security, but given the rising threats during the pandemic, it may be given special focus. In the midst of the coronavirus's second wave, and concerns about a potential third wave, businesses should be proactive in addressing risks, planning measures to prevent successful cyber-attacks rather than reacting when they occur. Although prevention measures are crucial, cyber-attack detection, response, and recovery skills are also required.
This pandemic has taught us that the key to properly managing the hazards associated with cyber-attacks is to plan ahead. The capacity to react swiftly to unexpected occurrences can help to mitigate the damage of a cyber-attack. Businesses that have already benefited from secure remote working capabilities will be better prepared to deal with the ongoing rise in cyber threats. Companies that were caught off guard will need to review their cyber threat exposure swiftly and prioritise activities to close cyber security weaknesses in accordance with best practices.
Furthermore, for firms enabling remote access to confidential and sensitive data, corporate-owned devices should be the standard. When accessing company data from a personal device is permissible, cyber risks should be considered and steps taken to prevent cyber threat exposure. The reality is that businesses must shift their focus from "if" to "when," and acknowledge that data breaches and ransomware may be financially disastrous. It's also worth remembering that financial gain isn't the main reason for hacks. A new menace is "hacktivism," which aims to harm business reputations.
There are steps that may be taken to reduce the chance and severity of a cyber-attack, but they require concentrated activity and planning. Companies must improve their development and deployment of security measures to make remote working practices more resilient to cyber-attacks.