How cybercrime has evolved since the pandemic hit

Opportunistic agility is running rampant among hackers and scammers.

  • McAfee's user base has been seeing an average of 375 new threats per minute during the pandemic.
  • Once everyone got situated in their home offices and their company's security teams started taking the appropriate measures, how did the attackers adjust?
  • Ransomware on cloud servers, hijack attempts on IoT gadgets and business email compromise (BEC) attacks increased in volume as well as sophistication over the course of Q3 2020.

From a meta-historical perspective, crime waves have a tendency to rear their heads at times of societal chaos, and the sudden arrival of the coronavirus pandemic brought chaotic conditions that were particularly ripe for cybercrime.

In most companies, cybersecurity was a little-noticed casualty in the rush to transform digitally, support remote working, and keep customer-facing apps and services running as the new normal set in. Understandably, organizations prioritized keeping the lights on. Millions of people moved online, including individuals without much experience of working or shopping through the internet, and with equally poor cybersecurity awareness.

There's no debate about whether hacking and other malicious cyberattacks have increased. McAfee alone reports that malware grew 1,902 percent over the past four quarters, and the company's user base has been seeing an average of 375 new threats per minute during the pandemic. It's clear that cybercrime is flourishing in these conditions.

Credit: McAfee

But beyond the many reports that cybercrime has surged, there's been proportionately little talk about how it's changed. Once everyone got situated in their home offices and their company's security teams started taking the appropriate measures, how did the attackers adjust?

Here are four ways that cybercrime has visibly adapted to the changing conditions of 2020.

Deploying pandemic-related attack strategies

One notable reason attacks were so effective at the start of the pandemic was how directly they took advantage of the confusion caused by the situation. COVID-19-related phishing emails raised phishing attacks overall by 68 percent. There was also a marked uptick in business email compromise (BEC) attacks, where the criminal masquerades as a legitimate company and attempts to convince the victim that the coronavirus chaos forced them to change their banking details.

Cybercriminals have adjusted their targeting and tactics to follow the spread of COVID-19, with the spike beginning in Asia before shifting to Europe and the U.S. Now, as people are returning to work, phishing emails and malware have switched gears. Instead of claiming to educate you about the virus, they are disguised as guides to helping workers return safely to the office.

"What's clear is that hackers are hoping to capitalize on public fear," says Dr. Alex Tarter, Chief Cyber Consultant and CTO at Thales. "As a global population we have proactively sought out as much information as we can find to help inform our day-to-day lives, but also make us feel safe. Many instances of cybercrime in the wake of COVID-19 have been designed with this fear in mind."

In this vein, malware, mobile malware and fileless malware have skyrocketed, using pandemic-related topics to play on people's fears and lure them to malicious URLs. Tarter estimates that half of all COVID-19-related domain names created since December 2019 were set up with the purpose of injecting malware, with many of these domains spoofing content from genuine websites in order to mask their intent.

Aiming at broader targets 

Another distinct trend is the shift to a broader attack surface. As work moved out of "on-premises" network environments, bad actors have followed us onto the cloud, so cloud-related breaches have increased. Protecting your server isn't sufficient; you need to connect all the dots and cover every connected device, because your cloud-connected printer is the backdoor to your entire organization.

Cybercriminals have long since woken up to the fact that IoT devices are often the weakest links in any system. IoT-focused attacks have grown in number and in impact, with a 46 percent rise in the number of attacks on smart homes, smart enterprises, and control systems that are connected to critical infrastructure.

Taking advantage of urgency and pressure 

Cybercriminals are taking advantage of the pressure that organizations are under to remain operational by expanding ransomware attacks, which doubled from 200,000 in Q1 2020 to 400,000 in Q2. Health centers are a popular target, because hackers know that they are overwhelmed with critical patients and can't afford the time it will take to resolve the attack, so they are more likely to give in and pay the ransom than struggle to combat and cure it.

A few weeks ago in Germany, a patient was unable to receive care when a ransomware attack on Düsseldorf University Hospital disrupted the emergency care unit, forcing them to transfer her to another hospital to receive critical care. The patient died during the journey, a cybercrime first.

Credit: Trend Micro

New ransomware families are emerging, using more sophisticated, phased attack strategies that are more difficult to rectify. Trend Micro has identified a 36 percent jump in new ransomware families, compared with the same period in 2019. Hackers know that IT and security teams are operating remotely, without access to their usual tools and processes and often without experience in dealing with an attack remotely, which handicaps their ability to resolve it quickly.

Exploiting remote work vulnerabilities 

Hackers have been quick to respond to the sudden rush to remote working. In the urgency of the moment, many companies implemented trusted VPN services for employees working from home, or set up a remote desktop, without configuring them properly, thereby opening the doors to hackers. In March, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) alerted businesses to elevated risks of VPN abuse.

A number of cloud tools are poorly protected. Zoom, for example, has become a lifeline for businesses and schools, but it has serious security vulnerabilities. It's no coincidence that individuals and educational organizations have been the targets of so many cyber attacks during the pandemic; they are (rightly) perceived as the most vulnerable.

Shadow IT use rose when employees sent home from the office had no choice but to use their personal laptops for sensitive work-related tasks, but these devices are rarely protected as well as an office computer.

Phishing attacks rose in part because many employees switched to work remotely almost overnight, without any training to independently recognize phishing scams. The average employee isn't equipped to deal with them, and at home there's no security team on hand to immediately respond to questions and defuse the threat.

Cybercrime adapted quickly to COVID-19 chaos

The coronavirus pandemic increased chaos in the world, and that presented a golden opportunity to malicious actors and hackers of all types. COVID-19 saw cybercrime shift to cynically exploit fears about the pandemic, take advantage of hasty shifts to remote working, attack overstretched critical infrastructure like health industries, and aim at broader targets across organizations. IT teams can't afford to fall behind as the ongoing struggle with cybercrime enters a new phase.

COVID and "gain of function" research: should we create monsters to prevent them?

Gain-of-function mutation research may help predict the next pandemic — or, critics argue, cause one.

Credit: Guillermo Legaria via Getty Images

This article was originally published on our sister site, Freethink.

"I was intrigued," says Ron Fouchier, in his rich, Dutch-accented English, "in how little things could kill large animals and humans."

It's late evening in Rotterdam as darkness slowly drapes our Skype conversation.

This fascination led the silver-haired virologist to venture into controversial gain-of-function mutation research — work by scientists that adds abilities to pathogens, including experiments that focus on SARS and MERS, the coronavirus cousins of the COVID-19 agent.

If we are to avoid another influenza pandemic, we will need to understand the kinds of flu viruses that could cause it. Gain-of-function mutation research can help us with that, says Fouchier, by telling us what kind of mutations might allow a virus to jump across species or evolve into more virulent strains. It could help us prepare and, in doing so, save lives.

Many of his scientific peers, however, disagree; they say his experiments are not worth the risks they pose to society.

A virus and a firestorm

The Dutch virologist, based at Erasmus Medical Center in Rotterdam, caused a firestorm of controversy about a decade ago, when he and Yoshihiro Kawaoka at the University of Wisconsin-Madison announced that they had successfully mutated H5N1, a strain of bird flu, to pass through the air between ferrets, in two separate experiments. Ferrets are considered the best flu models because their respiratory systems react to the flu much like humans.

The mutations that gave the virus its ability to be airborne transmissible are gain-of-function (GOF) mutations. GOF research is when scientists purposefully cause mutations that give viruses new abilities in an attempt to better understand the pathogen. In Fouchier's experiments, they wanted to see if it could be made airborne transmissible so that they could catch potentially dangerous strains early and develop new treatments and vaccines ahead of time.

The problem is: their mutated H5N1 could also cause a pandemic if it ever left the lab. In Science magazine, Fouchier himself called it "probably one of the most dangerous viruses you can make."

Just three special traits

Recreated 1918 influenza virions. Credit: Cynthia Goldsmith / CDC / Dr. Terrence Tumpey / Public domain via Wikipedia

For H5N1, Fouchier identified five mutations that could cause three special traits needed to trigger an avian flu to become airborne in mammals. Those traits are (1) the ability to attach to cells of the throat and nose, (2) the ability to survive the colder temperatures found in those places, and (3) the ability to survive in adverse environments.

A minimum of three mutations may be all that's needed for a virus in the wild to make the leap through the air in mammals. If it does, it could spread. Fast.

Fouchier calculates the odds of this happening to be fairly low, for any given virus. Each mutation has the potential to cripple the virus on its own. They need to be perfectly aligned for the flu to jump. But these mutations can — and do — happen.

"In 2013, a new virus popped up in China," says Fouchier. "H7N9."

H7N9 is another kind of avian flu, like H5N1. The CDC considers it the most likely flu strain to cause a pandemic. In the human outbreaks that occurred between 2013 and 2015, it killed a staggering 39% of known cases; if H7N9 were to have all five of the gain-of-function mutations Fouchier had identified in his work with H5N1, it could make COVID-19 look like a kitten in comparison.

H7N9 had three of those mutations in 2013.

Gain-of-function mutation: creating our fears to (possibly) prevent them

Flu viruses are basically eight pieces of RNA wrapped up in a ball. To create the gain-of-function mutations, the research used a DNA template for each piece, called a plasmid. Making a single mutation in the plasmid is easy, Fouchier says, and it's commonly done in genetics labs.

If you insert all eight plasmids into a mammalian cell, they hijack the cell's machinery to create flu virus RNA.

"Now you can start to assemble a new virus particle in that cell," Fouchier says.

One infected cell is enough to grow many new virus particles — from one to a thousand to a million; viruses are replication machines. And because they mutate so readily during their replication, the new viruses have to be checked to make sure they only have the mutations the lab caused.

The virus then goes into the ferrets, passing through them to generate new viruses until, on the 10th generation, it infects ferrets through the air. By analyzing the virus's genes in each generation, the researchers can figure out exactly which five mutations lead to H5N1 bird flu being airborne between ferrets.

And, potentially, people.

"This work should never have been done"

The potential for the modified H5N1 strain to cause a human pandemic if it ever slipped out of containment has sparked sharp criticism and no shortage of controversy. Rutgers molecular biologist Richard Ebright summed up the far end of the opposition when he told Science that the research "should never have been done."

"When I first heard about the experiments that make highly pathogenic avian influenza transmissible," says Philip Dormitzer, vice president and chief scientific officer of viral vaccines at Pfizer, "I was interested in the science but concerned about the risks of both the viruses themselves and of the consequences of the reaction to the experiments."

In 2014, in response to researchers' fears and some lab incidents, the federal government imposed a moratorium on all GOF research, freezing the work.

Some scientists believe gain-of-function mutation experiments could be extremely valuable in understanding the potential risks we face from wild influenza strains, but only if they are done right. Dormitzer says that a careful and thoughtful examination of the issue could lead to processes that make gain-of-function mutation research with viruses safer.

But in the meantime, the moratorium stifled some research into influenzas — and coronaviruses.

The National Academy of Science whipped up some new guidelines, and in December of 2017, the call went out: GOF studies could apply to be funded again. A panel formed by Health and Human Services (HHS) would review applications and make the decision of which studies to fund.

As of right now, only Kawaoka and Fouchier's studies have been approved, getting the green light last winter. They are resuming where they left off.

Pandora's locks: how to contain gain-of-function flu

Here's the thing: the work is indeed potentially dangerous. But there are layers upon layers of safety measures at both Fouchier's and Kawaoka's labs.

"You really need to think about it like an onion," says Rebecca Moritz of the University of Wisconsin-Madison. Moritz is the select agent responsible for Kawaoka's lab. Her job is to ensure that all safety standards are met and that protocols are created and drilled; basically, she's there to prevent viruses from escaping. And this virus has some extra-special considerations.

The specific H5N1 strain Kawaoka's lab uses is on a list called the Federal Select Agent Program. Pathogens on this list need to meet special safety considerations. The GOF experiments have even more stringent guidelines because the research is deemed "dual-use research of concern."

"Dual-use research of concern is legitimate research that could potentially be used for nefarious purposes," Moritz says. At one time, there was debate over whether Fouchier and Kawaoka's work should even be published.

While the insights they found would help scientists, they could also be used to create bioweapons. The papers had to pass through a review by the U.S. National Science Board for Biosecurity, but they were eventually published.

Intentional biowarfare and terrorism aside, the gain-of-function mutation flu must be contained even from accidents. At Wisconsin, that begins with the building itself. The labs are specially designed to be able to contain pathogens (BSL-3 agricultural, for you Inside Baseball types).

They are essentially an airtight cement bunker, negatively pressurized so that air will only flow into the lab in case of any breach — keeping the viruses pushed in. And all air in and out of the lab passes through multiple HEPA filters.

Inside the lab, researchers wear special protective equipment, including respirators. Anyone coming or going into the lab must go through an intricate dance involving stripping and putting on various articles of clothing and passing through showers and decontamination.

And the most dangerous parts of the experiment are performed inside primary containment: for example, a biocontainment cabinet, which acts like an extra high-security box inside the already highly secure lab (kind of like the radiation glove box Homer Simpson is working in during the opening credits).

The Federal Select Agent program can come and inspect you at any time with no warning, Moritz says. At the bare minimum, the whole thing gets shaken down every three years.

There are numerous potential dangers — a vial of virus gets dropped; a needle prick; a ferret bite — but Moritz is confident that the safety measures and guidelines will prevent any catastrophe.

"The institution and many people behind the institution are working to make sure this research can be done safely and securely," Moritz says.

No human harm has come of the work yet, but the potential for it is real.

"Nature will continue to do this"

They were dead on the beaches.

In the spring of 2014, another type of bird flu, H10N7, swept through the harbor seal population of northern Europe. Starting in Sweden, the virus moved south and west, across Denmark, Germany, and the Netherlands. It is estimated that 10% of the entire seal population was killed.

The virus's evolution could be tracked through time and space, Fouchier says, as it progressed down the coast. Natural selection pushed through gain-of-function mutations in the seals, similarly to how H5N1 evolved to better jump between ferrets in his lab — his lab which, at the time, was shuttered.

"We did our work in the lab," Fouchier says, with a high level of safety and security. "But the same thing was happening on the beach here in the Netherlands. And so you can tell me to stop doing this research, but nature will continue to do this day in, day out."

Critics argue that the knowledge gained from the experiments is either non-existent or not worth the risk; Fouchier argues that GOF experiments are the only way to learn crucial information on what makes a flu virus a pandemic candidate.

"If these three traits could be caused by hundreds of combinations of five mutations, then that increases the risk of these things happening in nature immensely," Fouchier says.

"With something as crucial as flu, we need to investigate everything that we can," Fouchier says, hoping to find "a new Achilles' heel of the flu that we can use to stop the impact of it."
