How cybercrime has evolved since the pandemic hit

Opportunistic agility is running rampant among hackers and scammers.

  • McAfee's user base has been seeing an average of 375 new threats per minute during the pandemic.
  • Once everyone got situated in their home offices and their company's security teams started taking the appropriate measures, how did the attackers adjust?
  • Ransomware on cloud servers, hijack attempts on IoT gadgets and business email compromise (BEC) attacks increased in volume as well as sophistication over the course of Q3 2020.

From a meta-historical perspective, crime waves have a tendency to rear their heads at times of societal chaos, and the sudden arrival of the coronavirus pandemic brought chaotic conditions that were particularly ripe for cybercrime.

In most companies, cybersecurity was a little-noticed casualty in the rush to transform digitally, support remote working, and keep customer-facing apps and services running as the new normal set in. Understandably, organizations prioritized keeping the lights on. Millions of people moved online, including individuals without much experience of working or shopping through the internet, and with equally poor cybersecurity awareness.

There's no debate about whether hacking and other malicious cyberattacks have increased. McAfee alone reports that malware grew 1,902 percent over the past four quarters, and the company's user base has been seeing an average of 375 new threats per minute during the pandemic. It's clear that cybercrime is flourishing in these conditions.

Credit: McAfee

But beyond the many reports that cybercrime has surged, there's been proportionately little talk about how it's changed. Once everyone got situated in their home offices and their company's security teams started taking the appropriate measures, how did the attackers adjust?

Here are four ways that cybercrime has visibly adapted to the changing conditions of 2020.

Deploying pandemic-related attack strategies

Attacks were especially effective at the start of the pandemic because they directly took advantage of the confusion caused by the situation. COVID-19-related phishing emails raised phishing attacks overall by 68 percent. There was also a marked uptick in business email compromise (BEC) attacks, where the criminal masquerades as a legitimate company and attempts to convince the victim that the coronavirus chaos forced that company to change its banking details.

Cybercriminals have adjusted their targeting and tactics to follow the spread of COVID-19, with the spike beginning in Asia before shifting to Europe and the U.S. Now, as people are returning to work, phishing emails and malware have switched gears. Instead of claiming to educate you about the virus, they are disguised as guides to helping workers return safely to the office.

"What's clear is that hackers are hoping to capitalize on public fear," says Dr. Alex Tarter, Chief Cyber Consultant and CTO at Thales. "As a global population we have proactively sought out as much information as we can find to help inform our day-to-day lives, but also make us feel safe. Many instances of cybercrime in the wake of COVID-19 have been designed with this fear in mind."

In this vein, malware, mobile malware and fileless malware have skyrocketed, using pandemic-related topics to play on people's fears and lure them to malicious URLs. Tarter estimates that half of all COVID-19-related domain names created since December 2019 were set up with the purpose of injecting malware, with many of these domains spoofing content from genuine websites in order to mask their intent.

Aiming at broader targets 

Another distinct trend is the shift to a broader attack surface. As work moved out of "on-premises" network environments, bad actors have followed us onto the cloud, so cloud-related breaches have increased. Protecting your server isn't sufficient; you need to connect all the dots and cover every connected device, because your cloud-connected printer is the backdoor to your entire organization.

Cybercriminals have long since woken up to the fact that IoT devices are often the weakest links in any system. IoT-focused attacks have grown in number and in impact, with a 46 percent rise in the number of attacks on smart homes, smart enterprises, and control systems that are connected to critical infrastructure.

Taking advantage of urgency and pressure 

Cybercriminals are taking advantage of the pressure that organizations are under to remain operational by expanding ransomware attacks, which doubled from 200,000 in Q1 2020 to 400,000 in Q2. Health centers are a popular target, because hackers know that they are overwhelmed with critical patients and can't afford the time it will take to resolve the attack, so they are more likely to give in and pay the ransom than struggle to combat and cure it.

A few weeks ago in Germany, a patient was unable to receive care when a ransomware attack on Düsseldorf University Hospital disrupted the emergency care unit, forcing them to transfer her to another hospital to receive critical care. The patient died during the journey, a cybercrime first.

Credit: Trend Micro

New ransomware families are emerging, using more sophisticated, phased attack strategies that are more difficult to rectify. Trend Micro has identified a 36 percent jump in new ransomware families, compared with the same period in 2019. Hackers know that IT and security teams are operating remotely, without access to their usual tools and processes and often without experience in dealing with an attack remotely, which handicaps their ability to resolve it quickly.

Exploiting remote work vulnerabilities 

Hackers have been quick to respond to the sudden rush to remote working. In the urgency of the moment, many companies implemented trusted VPN services for employees working from home, or set up a remote desktop, without configuring them properly, thereby opening the doors to hackers. In March, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) alerted businesses to elevated risks of VPN abuse.

A number of cloud tools are poorly protected. Zoom, for example, has become a lifeline for businesses and schools, but it has serious security vulnerabilities. It's no coincidence that individuals and educational organizations have been the targets of so many cyber attacks during the pandemic; they are (rightly) perceived as the most vulnerable.

Shadow IT use rose when employees sent home from the office had no choice but to use their personal laptops for sensitive work-related tasks, but these devices are rarely protected as well as an office computer.

Phishing attacks rose in part because many employees switched to work remotely almost overnight, without any training to independently recognize phishing scams. The average employee isn't equipped to deal with them, and at home there's no security team on hand to immediately respond to questions and defuse the threat.

Cybercrime adapted quickly to COVID-19 chaos

The coronavirus pandemic increased chaos in the world, and that presented a golden opportunity to malicious actors and hackers of all types. COVID-19 saw cybercrime shift to cynically exploit fears about the pandemic, take advantage of hasty shifts to remote working, attack overstretched critical infrastructure like health industries, and aim at broader targets across organizations. IT teams can't afford to fall behind as the ongoing struggle with cybercrime enters a new phase.


CRISPR therapy cures first genetic disorder inside the body

It marks a breakthrough in using gene editing to treat diseases.

Credit: National Cancer Institute via Unsplash
Technology & Innovation

This article was originally published by our sister site, Freethink.

For the first time, researchers appear to have effectively treated a genetic disorder by directly injecting a CRISPR therapy into patients' bloodstreams — overcoming one of the biggest hurdles to curing diseases with the gene editing technology.

The therapy appears to be astonishingly effective, editing nearly every cell in the liver to stop a disease-causing mutation.

The challenge: CRISPR gives us the ability to correct genetic mutations, and given that such mutations are responsible for more than 6,000 human diseases, the tech has the potential to dramatically improve human health.

One way to use CRISPR to treat diseases is to remove affected cells from a patient, edit out the mutation in the lab, and place the cells back in the body to replicate — that's how one team functionally cured people with the blood disorder sickle cell anemia, editing and then infusing bone marrow cells.

Bone marrow is a special case, though, and many mutations cause disease in organs that are harder to fix.

Another option is to insert the CRISPR system itself into the body so that it can make edits directly in the affected organs (that's only been attempted once, in an ongoing study in which people had a CRISPR therapy injected into their eyes to treat a rare vision disorder).

Injecting a CRISPR therapy right into the bloodstream has been a problem, though, because the therapy has to find the right cells to edit. An inherited mutation will be in the DNA of every cell of your body, but if it only causes disease in the liver, you don't want your therapy being used up in the pancreas or kidneys.

A new CRISPR therapy: Now, researchers from Intellia Therapeutics and Regeneron Pharmaceuticals have demonstrated for the first time that a CRISPR therapy delivered into the bloodstream can travel to desired tissues to make edits.

"This is a major milestone for patients," Jennifer Doudna, co-developer of CRISPR, who wasn't involved in the trial, told NPR.

"While these are early data, they show us that we can overcome one of the biggest challenges with applying CRISPR clinically so far, which is being able to deliver it systemically and get it to the right place," she continued.

What they did: During a phase 1 clinical trial, Intellia researchers injected a CRISPR therapy dubbed NTLA-2001 into the bloodstreams of six people with a rare, potentially fatal genetic disorder called transthyretin amyloidosis.

The livers of people with transthyretin amyloidosis produce a destructive protein, and the CRISPR therapy was designed to target the gene that makes the protein and halt its production. After just one injection of NTLA-2001, the three patients given a higher dose saw their levels of the protein drop by 80% to 96%.

A better option: The CRISPR therapy produced only mild adverse effects and did lower the protein levels, but we don't know yet if the effect will be permanent. It'll also be a few months before we know if the therapy can alleviate the symptoms of transthyretin amyloidosis.

If everything goes as hoped, though, NTLA-2001 could one day offer a better treatment option for transthyretin amyloidosis than a currently approved medication, patisiran, which only reduces toxic protein levels by 81% and must be injected regularly.

Looking ahead: Even more exciting than NTLA-2001's potential impact on transthyretin amyloidosis, though, is the knowledge that we may be able to use CRISPR injections to treat other genetic disorders that are difficult to target directly, such as heart or brain diseases.

"This is a wonderful day for the future of gene-editing as a medicine," Fyodor Urnov, a UC Berkeley professor of genetics, who wasn't involved in the trial, told NPR. "We as a species are watching this remarkable new show called: our gene-edited future."