orange arrow

Coronavirus in Italy: Lessons Learned

Around the world, public health officials are analyzing the coronavirus (COVID-19) transmission in countries with earlier outbreaks in effort to model scenarios, refine preparations, and identify mismanagement and best practices in dealing with the devastating epidemic. With Italy being a hotspot, we at Q6 Cyber set out to analyze recent cybercriminal and fraud activity there so as to learn what we can anticipate in other parts of the world where the epidemic is on the rise.

Not surprisingly, we saw a spike in cyberattacks and fraud campaigns targeting Italian corporations and consumers. Bad actors, especially sophisticated ones, view the current epidemic as a golden opportunity and are deploying more resources toward criminal operations in Italy. Leveraging our unique access to invitation-only Dark Web and Cybercriminal Underground sources, we observed cybercriminals and fraudsters discussing the opportunities and vulnerabilities created by seismic shift in daily life in Italy:

  • Fewer Defenders: As security and anti-fraud professionals work remotely, often with reduced access and productivity, or unable to work while caring for ill relatives or sick themselves, attackers perceive a unique window of opportunity to strike when ‘nobody is watching’.
  • Remote Work: With employees working from home and accessing sensitive systems and data, some even using personal computers, attackers do not have to contend with robust security infrastructures that protect corporate networks, making the ‘targets’ easier to compromise.
  • Digital Transactions: The lockdown is forcing people to conduct financial transactions digitally through online banking and payments, even those who may otherwise be less disposed (e.g., the elderly). Fraudsters are ferociously seizing on the increase in potential victims, especially those less savvy and less security-conscious.
  • Relaxed Controls: Experienced fraudsters expect financial and other organizations to relax anti-fraud controls to support their customers in this period of emergency, presenting the opportunity to execute fraud schemes tailored to take advantage of such letup.
  • Witting Partners: As more and more people lose their jobs and feel the financial squeeze, bad actors can more easily recruit witting partners to commit a range of cyber and financial crimes.
A post on an underground forum regarding opportunities to exploit the coronavirus epidemic for fraud
A post on an underground forum regarding opportunities to exploit the coronavirus epidemic for fraud

Implications for the Rest of Us

With the pandemic picking up steam around the world and more countries implementing shutdowns and other restrictive measures, we expect cybercriminals and fraudsters to double down their attacks and take advantage of the same dynamics playing out in Italy. Undoubtedly, organizations must first address the well-being of their employees, customers, and other stakeholders, and ensure continuity of business operations. At the same time, to avoid mounting fraud losses and damaging cyberattacks during this vulnerable period, organizations must empower anti-fraud and security teams with the necessary resources and tools. For example, implementing robust processes and controls for remote employee access, or e-crime intelligence to proactively identify financial mules, are important initiatives that organizations should immediately consider taking.