Cyber Crime During Covid-19
It may have passed you by that both Interpol and the Garda Síochána released separate warnings in August related to increases in cybercrime during Covid-19.
Cyber Crime during Covid-19 Happening at Alarming Rate
Interpol warned of an “alarming” rate of cybercrime during the Covid-19 pandemic, with criminals using tactics such as impersonating health authorities or government advice in phishing emails. Their release stated that there was a marked increase in ransomware attacks from early April, when more people started working from home.
“With organizations and businesses rapidly deploying remote systems and networks to support staff working from home, criminals are also taking advantage of increased security vulnerabilities to steal data, generate profits and cause disruption” — Interpol
The agency had an expectation that further increases in activity would continue, speculating that “the potential for increased financial benefit will see cybercriminals continue to ramp up their activities and develop more advanced and sophisticated modi operandi.”
Invoice Redirect Fraud
Within a week the Garda Síochána issued a warning related to ‘Invoice Redirect Fraud’. It followed on from a Bank of Ireland commercial customer losing €2.1m to cyber criminals. Thankfully the Garda National Economic Crime Bureau was promptly advised and the funds have been frozen in a bank account in Hong Kong. Unfortunately not all victims of cybercrime are so lucky.
What is Invoice Redirect Fraud?
A common type of cybercrime where criminals hack one of the parties involved in an email exchange relating to payment of an invoice. Their aim is to insert their own bank details in place of those of the seller, so that funds are transferred to them.
What we have seen :
The above corresponds with what O’Leary Insurances own clients have been experiencing. See below four such examples of Invoice Redirect Fraud to our clients in recent months:
- In April, a firm of solicitors lost €100,000, of which €53,000 was eventually recovered. The balance was covered by a Cyber Insurance policy that included Cyber Crime cover – something not included as standard on Cyber Insurance policies.
- The following month a hotel was duped out of €95,000 by a similar method. Again, Cyber Insurers are involved in trying to either recover some or all of the monies, or else to pay the claim.
- Just last month another company lost €44,000. Unfortunately they did not purchase Cyber Insurance.
- In early September a company was hacked and a client processed a transfer of €100,000 to criminals. Thankfully the clients’ bank froze the transfer. Investigations are ongoing to see if anyone else has been duped out of monies.
In some of the examples above, sensitive information was also accessed by criminals. This resulted in the need to notify clients, employees and the Data Protection Commissioner of a potential data breach.
While there is never a good time to be hacked, for many businesses it is the last thing they need during these challenging times. In every crisis there is an opportunity, however unfortunately in the case of Covid-19, it seems to be to the benefit of Cyber Criminals.
Cyber Crime is big business. Cyber Criminals are rarely single individuals – they more typically are organised and well-financed.
Cyber Insurance is the last step in any serious cyber security programme. It is the safety net if all else fails (think ‘human error’) and should be included in any comprehensive insurance programme. It is possible to take out a policy that will take much or all of cyber security risk off the company balance sheet, although with the sheer range of policies available it is a case of buyer beware in terms of sourcing an appropriate policy. That may well be a topic for another day!