Hackers come in all shapes and sizes, from all countries, all ages, male/female, all nationalities, and more. It’s not the lone hacker in a dark hoodie bent over his laptop in a dark room. It may be the pretty young redhead at the coffee shop, the middle-age next-door neighbor who was just laid off from work, the activist trying to disable a police department emergency services line, or the disgruntled citizen trying to disrupt a state unemployment office for denying her claim.
Just like with counter-espionage operations in intelligence agencies where we see various reasons for espionage (C.R.I.M.E. – Coercion Revenge Ideology Money Ego), we know that people perpetrate cyber crime for many reasons as well. Hacktivists are “hacking activists” for political or social change. Money via blackmail, ransomware, or just basic theft. Espionage, either nation-state or economic to steal trade secrets to benefit a country or a company. Disruption to wreak havoc (often these are known as script kiddies). Revenge against an organization or person.
During 2020 amid the pandemic we saw a marked increase in “opportunists”, that is, people who capitalize on unexpected events, often tragic events. They prey on those who are vulnerable because of the circumstances. They may use open source information to research people or organizations to perpetrate a charade that appears more realistic to the target (aka “victim”).
True to their name, these people seized upon the ‘opportunity’ to go after many people and organizations during the pandemic. The FBI reported a 300% increase in opportunistic cyber crime attacks by August of 2020.
By the mere nature of the pandemic, more people were working from home, shopping online, holding virtual meetings and more. For employers, they suddenly had to figure out how to keep their employees engaged while working from home. They were using home computers and/or home networks. End point security (devices such as laptops and tablets) as well as network security was no longer in their security control.
All this provided a tremendous opportunity for cyber hackers. Some of these attacks include fake COVID-19 trackers, fake charity websites, messages about the pandemic with hidden malware, and even attacking pharmaceutical and other healthcare organizations with ransomware. And for those having to meet by electronic meeting applications, we saw instances of “Zoombombing” where uninvited people hijack and disrupt video meetings.
These opportunists are equal opportunity criminals. They will go after companies of all sizes, government organizations, non-profits and individuals. They don’t care if they are affecting the production or distribution of life-saving materials and drugs. They are only focused on their reward.
The best thing an organization can do is to update technology (patching), implement security protocols and provide continuous security awareness training to all employees.