COVID-19 is causing a different kind of pandemic in cyberspace—of phishing, malware and money laundering. In this arena, scalable and smart regulatory technologies can help neutralize many of these emerging threats.
While governments, businesses and ordinary citizens struggle to adapt to the “new normal” of COVID-19, one group seems to be prospering—cybercriminals.
Efforts to limit the spread of the disease have created an extra impetus to “go digital”—be it to shop for essential supplies, access government aid or coordinate day-to-day business activities. In a matter of months, this wave of rapid adoption has left serious security flaws open for criminals all over the world to exploit.
COVID-19 is creating a “perfect storm” of online criminal activity
“With more people spending time at home due to the global COVID-19 pandemic, there has been an increase in the volume and frequency of online transactions,” says Abhishek Chatterjee, founder and CEO of Tookitaki, a leading online fraud- detection and anti-money laundering (AML) software. “It is no surprise that criminals are attempting to capitalise on this COVID-19 induced spike in online transactions.”
As governments across the world ready massive aid and stimulus packages to help citizens and to keep economies ticking, cybercriminals are trying to grab a share. According to recent studies by Check Point Research, March and April witnessed a drastic increase in COVID-19 scams: 18 million phishing emails per day, 240 million spam messages and over 2,000 new suspicious domain names related to stimulus or aid packages.
It is well-established that vigilance is the first defence against online phishing and email fraud attacks. But COVID-19 lockdowns have left people scared, stressed and in desperate need of aid. They make easy prey for online criminals who use the promise of government aid to steal private information.
Given the unprecedented challenge posed by cybercriminals during the global pandemic, many regulatory authorities and watchdogs across the world, including Interpol, have stressed the importance of using modern technology to protect against crime. Regulatory technology, or “regtech”, is key to addressing this challenge.
Medical systems are vulnerable to cybercrime
Health systems across the globe are facing a severe shortage of ventilators, personal protective equipment (PPE) and essential medicines, and they present an easy target for cybercriminals and scammers.
Scammers have opened fake shops online, claiming to sell essential equipment like surgical masks and gowns. They are impersonating organizations like the World Health Organization and the US Centers for Disease Control to send malware and orchestrate phishing attacks on healthcare organizations.
Interpol recently reported one such attack on German health authorities where the attackers used sophisticated phishing techniques and complex chains of referrals to steal 1.5 million euros (US$1.64 million).
Regulators and banks across Germany, the Netherlands and Ireland acted quickly, monitoring transactions to detect illicit money transfers and identify the culprits, quickly freezing the stolen funds.
“These are times when medical support systems are in the limelight, and they are being targeted by criminals more than ever,” said Chatterjee.
Cybercrime has taken a toll on banks and financial institutions
The global economy is spiralling into one of the worst financial downturns in living memory and experts fear it could last well over two years. Recessions like this typically lead to a spike in instances of fraud and money laundering.
In normal times, banks and financial institutions are on the frontlines of the fight against online fraud and money laundering. But the economic, social and logistical challenges created by COVID-19 have severely impacted their ability to effectively monitor and detect instances of fraud.
“Financial Institutions are still relying heavily on manual efforts for their anti-money laundering compliance today. When compliance staff is [sic] working remotely, it is difficult to keep up with the minimum required volume of daily work,” said Chatterjee.
Regulatory software, like the programs Chatterjee’s company Tookitaki develops, help ease the burden on compliance teams in banks and financial institutions by using technologies like machine learning and distributed computing. This software helps streamline banks’ detection of possible fraud cases.
The ASEAN context is no different from the rest of the world
Even as the COVID-19 crisis was in its early stages in February, Interpol highlighted the increasing threats faced that the ASEAN region faces from cybercrime. In 2019, the region witnessed a spike in cases of phishing, compromised business emails, banking malware and other online fraud and security breaches.
As the pandemic worsened, coronavirus-related malware attacks were detected in virtually all Southeast Asian nations in March. The Philippines, Vietnam and Malaysia led the list with 53, 23 and 20 instances, respectively, according to security firm Kaspersky.
Singapore, the regional leader in terms of digitization, has seen businesses targeted using sophisticated coronavirus-themed phishing attacks. Given the increased importance of digital technologies in the era of COVID-19, more nations in the region will have to accelerate their digital transformations as well.
Regulatory technology likely to see continued growth
COVID-19 poses unique challenges related to compliance, due diligence and sanctions for banks, financial institutions and other big corporations. Regulators across the world are scrambling to update their compliance programs as well as their lists of known and suspected financial criminals, also called sanction lists or SDN lists.
Cybercriminals and money launderers have become more advanced and dynamic with the onset of COVID-19. Regulators, businesses and financial institutions all have to step up. Financial and regulatory technologies provide a pragmatic way to adapt existing systems and evolve to tackle new challenges.