Ethics vs Dark Web in times of COVID-19

Shubhangi Singh
Published in SRMKZILLA
5 min read · Apr 12, 2020

The dark web is a small, unindexed fraction of the deep web that does not appear in the results of the usual search engines. As the COVID-19 pandemic continues to spread across the world, researchers have witnessed an outbreak of opportunistic cyber scams.

While the domain of cyber-crime goes unnoticed by the majority of people, we cannot look away from its reality. The chaos caused by the pandemic has turned out to be a boon for cybercriminals. As companies rush towards virtual business, they often reveal unexpected information security vulnerabilities. What do some of the discussions about COVID-19 on cybercriminal forums look like? Just as the search popularity of COVID-19 has escalated on the clear web, the pandemic has also influenced the direction of discussions on these cybercriminal forums.

Unfortunately, there are still individuals that are overtly seeking to take advantage of the pandemic for profit. But, in a seemingly atypical move for a cybercriminal forum, these attempts are not always well-received. For example, one user took to Torum, a popular English-language dark web cybercriminal forum, to ask for advice on how best to take advantage of COVID-19, only to receive responses pleading them not to profit off the pandemic.

These cyber scams aim to exploit people’s fear and uncertainty concerning the virus’s spread. These can be broadly split into the following three categories:

  1. Phishing and social engineering scams
  2. Sale of fraudulent or counterfeit goods
  3. Misinformation

Figure: A cybercriminal offering an antidote for the virus (Source: FraudWatch International)

These scams are often targeted towards regions that have recorded significant numbers of COVID-19 cases. In late January 2020, a phishing campaign targeted individuals in Japan with emails claiming to be from disability welfare service providers and public health centers. The emails used the lure of documents containing information on alerts of new COVID-19 infections as well as preventative measures against the virus. However, when accessed, the documents attempted to download and install Emotet, an information-stealing malware. Similarly, individuals in Italy, which has the highest number of confirmed infections of COVID-19 outside of China, were targeted by a phishing campaign in March 2020 which impersonated WHO officials and attempted to distribute the Trickbot trojan.

COVID-19 testing kits and healthcare equipment are in huge demand due to a global shortage. Illegal marketplaces on the dark web are trying to capitalize on this by selling them for $92 per kit. Supplies like face masks and hand sanitizers have been out of stock at major retailers, and prices on e-commerce websites have in some cases tripled over the past months. This shortage is likely in part driven by the spread of misinformation. As previously stated, hundreds of potentially shady websites have popped up that claim to offer heavily discounted face masks and other healthcare equipment. Even if the listings look legitimate, there is no guarantee that the products even exist.

A "vaccine" listed on the Agartha marketplace, priced at $300, was composed of amphetamines, cocaine and nicotine. The same site featured dozens of listings for chloroquine and hydroxychloroquine, drugs claimed by US President Donald Trump as a potential treatment for COVID-19. Scientists have warned that there is no proof of the anti-malarial drugs' effectiveness and that they could be dangerous if not taken under a doctor's supervision.

Ransomware groups have been observed threatening people into paying money to unlock their computers. One ransomware sample observed by IntSights included a question-and-answer document that explained what the hacker could do if the ransom wasn't paid.

“If I want, I could even infect your whole family with the coronavirus, reveal all your secrets. There are countless things I could do,” the hacker wrote.

While most people will see this as an obviously hollow threat, it will work on some.

“These types of fear tactics work on a vulnerable population of people during a frightening pandemic,” the report says. “The hackers use these fear tactics because they work. We have also observed similar psychological tactics used in sextortion scams, in which the threat actor tells the victim that he has access to the victim’s camera or photos with evidence of wrongdoing.”

Social media platforms have also taken a proactive approach to help prevent the spread of misinformation related to COVID-19 by flagging posts which may be illegitimate and hiring third-party organizations to fact-check posts. When searching COVID-19-related terms on platforms like Twitter, Facebook, and even Instagram, users are prompted to obtain information from official sources. This also helps streamline the dissemination of legitimate information by providing centralized results.

This is particularly important during the current global health crisis, where the ramifications of misinformation can be deadly. For instance, some recipes for making homemade hand sanitizers are not suitable for use on skin and can be ineffective in halting the transmission of COVID-19.

Check out the URL in the address bar

Cybercriminals are also using ‘corona’ or ‘covid’ as a part of their URLs to carry out phishing attacks. These attackers ask people to enter their email credentials and then redirect them to a CDC (Centers for Disease Control and Prevention) article.
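The URL check described above can be automated for mail or proxy logs. The following is an added example, not code from the original article: the allowlist of official domains, the verdict labels and the sample URLs (all on the reserved `.example` TLD) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

LURE_KEYWORDS = ("corona", "covid")          # keywords named in the article
OFFICIAL_DOMAINS = ("cdc.gov", "who.int")    # assumed allowlist for this example

def split_url(url):
    """Return (hostname, path+query) in lower case; tolerate a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:                        # e.g. malformed IPv6 literal
        return "", ""
    return host, (parts.path + "?" + parts.query).lower()

def is_official(host):
    """True only for an allowlisted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def triage(url):
    """Classify a URL for analyst review. Verdict labels are hypothetical."""
    host, rest = split_url(url)
    if not host:
        return "unparseable"
    if is_official(host):
        return "official"
    # Official name used as leading labels of an unrelated domain,
    # e.g. cdc.gov.something.example: the registered domain is not cdc.gov.
    if any(("." + d + ".") in ("." + host) for d in OFFICIAL_DOMAINS):
        return "impersonates-official"
    if any(k in host for k in LURE_KEYWORDS):
        return "lure-keyword-in-host"
    # A keyword only in the path is common on legitimate sites: lower priority.
    if any(k in rest for k in LURE_KEYWORDS):
        return "keyword-in-path"
    return "no-match"

# Constructed sample URLs, not taken from any real campaign.
SAMPLES = [
    "https://www.cdc.gov/coronavirus/2019-ncov/index.html",
    "covid19-relief.example/login",
    "https://cdc.gov.corona-alerts.example/signin",
    "http://who.int@covid-update.example/owa",   # userinfo trick: host is after '@'
    "https://intranet.example/hr/covid-policy.pdf",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{triage(u):24} {u}")
```

A keyword match is a triage signal, not a verdict: many legitimate sites registered COVID-related names, so flagged hosts still need review before blocking.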

A recent investigation by security software firm Digital Shadows into dark web trends revealed that there has been pushback in criminal forums against taking advantage of the current situation for profit.

According to Digital Shadows analyst Alex Guirakhoo, “exploitation is not the universal reaction”.

It is easy to forget that cybercriminals are human beings susceptible to the same kinds of emotions and environmental stresses as everyone else, explained Guirakhoo. However, Guirakhoo cautioned that while some cybercriminals may appear sympathetic to coronavirus victims, many continue to exploit the situation.

“It’s important not to forget that and let your guard down,” Guirakhoo said. “Cybercriminal activity like this is almost guaranteed to continue as the pandemic progresses.”

By and large, COVID-19 is not only a virus that can kill people, but also a pandemic that is spreading to the digital world; hence cybersecurity professionals should steel themselves to combat a wide range of COVID-19-related cybersecurity attacks that will be around even after the virus itself is contained.
