The pandemic has accelerated the shift away from physical stores to digital shopping by five years, and cybercriminals wasted no time and quickly came up with sophisticated ways to take advantage of the chaos. As the Covid-19 outbreak was spreading, so was cybercrime.
With no surprise, the finance industry has been particularly hard-hit, registering an increase of 238% in attacks only in the first two months of the lockdown. In March, a new type of Android mobile malware, EventBot, was discovered. It steals user data from financial apps, reads SMS messages, and uses them to bypass two-factor authentication. EventBot has been targeting users of over 200 different financial institutions, including Paypal, Revolut, Barclays, and TransferWise.
In the midst of it all, online credit card skimming criminals were hyped. RiskIQ, a security firm, detected a 20% increase in online skimming activity in March compared to February. There were even some high-profile cases, like Tupperware, and what’s even more interesting in this type of attacks (magecart and similars) is that they can remain undetected for months, even years, providing a never-ending stream of fresh credit cards to the attackers (unless the online shop has Jscrambler 😉).
We’ve also seen an increase in API attacks (yet, truth to be told, this was already a trend) and companies like Facebook, Twitter, Uber or Shopify all had API incidents. Both startups and enterprises focused on cybersecurity are exploring this field and adapting their products to address it (Probely is one of them #justsaying).