Kigali – According to last week’s tweet from Rwanda Investigation Bureau (RIB), on statistics of cybercrimes, cybercrimes increased by 72 per cent during theCovid-19 lockdown imposed countrywide. As a result, a considerable amount of money was stolen by cybercriminals. Of course, they took advantage that nowadays most of services are administered while relying more than ever on computer systems, mobile devices, and the Internet. This is, however, not a peculiar issue to Rwanda but a global challenge. It goes without saying that the Covid-19 pandemic renders individuals and society extremely vulnerable in all respects.
During this crisis, people pay for varied services digitally. There’s a reliance more than ever on computer systems, mobile devices and the Internet to work, communicate, shop, share and receive information and otherwise mitigate the impact of social distancing. So malicious actors are exploiting these vulnerabilities to their own advantage. Currently, findings show an increased wave of cyber-threats. These include phishing campaigns and malware distribution through seemingly genuine websites or documents providing information or advice on Covid-19 are used to infect computers and extract user credentials; ransomware shutting down medical, scientific or other health-related facilities where individuals are tested for Covid-19 or where vaccines are being developed in order to extort ransom; attacks against critical infrastructures or international organisations, such as World Health Organisation; ransomware targeting the mobile phones of individuals using apps that claim to provide genuine information on Covid-19 in order to extract payments; offenders obtaining access to the systems of companies or other organisations by targeting employees who are teleworking; fraud schemes where people are tricked into purchasing goods such as masks, hand sanitizers, but also fake medicines claiming to prevent or cure SARS-CoV-2; misinformation or fake news are spread by trolls and fake media accounts to create panic, social instability and distrust in governments or in measures taken by their health authorities et cetera. Just in April this year, the US Department of Homeland Security’s cybersecurity agency warned that cybercriminals and other groups would target Covid-19 research, noting at the time that the increase in people teleworking because of the pandemic had created potential avenues for hackers to exploit. That these vulnerable targets include health care agencies, pharmaceutical companies, academia, medical research organisations and government agencies. Just the tip of the iceberg, quoted by Aljazeera, "UK, US, Canada accuse Russia of hacking virus vaccine trials”. The three national leged that hacking group APT29, also known as ‘Cozy Bear’, and said to be part of the Russian intelligence service, is attacking academic and pharmaceutical research institutions involved in coronavirus vaccine development. Whether hacking is from Russia or not, is subject to unarguable proof. But the truth is there have been attacks targeting Covid-19 vaccine research and development. Indeed, these countries accuse ‘Cozy Bear’ of using custom malicious software to target a number of organisations globally.
Another example, since the start of the Covid-19pandemic, the World Health Organisation (WHO) has seen a dramatic increase in the number of cyber-attacks directed at its staff, and email scams targeting the organisation at large. At least 450 active WHO email addresses and passwords were leaked online along with thousands belonging to others working on the novel coronavirus response. However, the leaked credentials did not put WHO systems at risk because the data was not recent. However, the attack did impact an older extranet system, used by current and retired staff as well as partners. In responding to these cyber-attacks, the WHO is establishing more robust internal systems and to strengthen security measures and is educating staff on cybersecurity risks. In the context of digital payments, there’s a steady rise of cyber threats targeting banks, e-commerce and other daily financial activities due to the fact millions of people have shifted their daily workplace and shopping to remote online networks and mobile devices.
Now, millions of consumers have shifted their banking and purchasing activity to online channels as well as digital payments due to the Covid-19 outbreak, which even forced mandatory stay-at-home orders. Besides, most major businesses ordered their employees from working at the office to working from home. The drastic changes in e-commerce and mobile banking created an entirely new target set for malicious actors to exploit weaknesses in remote corporate networks, merchant e-commerce sites and financial institutions dealing with massive increases in mobile banking transactions.
Undoubtedly, there’s an alarming rate of transnational organised crime groups who are leveraging specialist providers of cybercrime tools and services to conduct a wide range of crimes against financial institutions, including ransomware campaigns, distributed denial of service attacks, business email compromise scams and access mining. In other words, cybercriminals are increasingly sharing resources and information and reinvesting their illicit profits for the development of new, even more destructive capabilities.
Given that most of payment systems are digital, everyone will need to be extra-cautious and reinforce security measures. That’s to say, much more emphasis is needed to ensure that payment systems are safe. This calls for a more proactive role of law enforcement to engage in full cooperation to detect, investigate, attribute and prosecute the above offences and bring to justice those that exploit the Covid-19 pandemic for their own criminal purposes.
The writer is a law expert.
The views expressed in this article are of the author.