How Low Will Cybercriminals Go?

Surely Bond villains only exist in movies -- I mean people aren’t truly evil are they? Especially ones who sit behind a computer. This was part of a discussion I was having with my colleague Erich Kron, so we took a look into a few recent examples to try and answer the question regarding cyber criminals… just how low will they go?

Targeting Hospitals

When the Coronavirus pandemic broke out, we were all concerned about helping frontline medical staff. Some donated PPE, while the 3D printing community stepped up their efforts. 

When Bleeping Computer reached out to ransomware operators, they stated that they will no longer target health and medical organisations during the COVID-19 pandemic.  

While those particular ransomware operators may have been genuine in their claims, they do not speak for every cyber criminal out there. We’ve continued to see ransomware and other cyber attacks against hospitals and other healthcare organisations. In May, Germany-based Frensius Group, Europe’s largest private hospital, whose products are in large demand during the COVID-19 pandemic, had all global operations grind to a halt after being infected with the dreaded Snake ransomware. 

Similarly, Magellan Health, the Fortune 500 insurance company reported a ransomware attack and data breach. 

Verdict: That’s Low

Attacking hospitals or other healthcare organisations, even in the best of times, is frowned upon; but doing so in the midst of a pandemic shows a complete lack of ethics and morals. 

Medicaid for All!

Las Vegas couple Timothy and Latisha Harron created a fake health care company in North Carolina. Then, they went through obituaries to find people who recently died and used a Medicaid eligibility tool to find out if the dead person had a medicaid ID number. 

Using that medicaid ID number, they billed medicaid for made up services they provided to the deceased -- and in doing so made over $13 million. 

Fortunately, like many criminals, they couldn’t help but splash their cash on fine dining, jewellery, and even a private jet -- and all the bragging on Instagram caught the attention of the authorities. 

Verdict: Turning Death into Profit, Shamefully Low. 

Many criminals justify this kind of action by claiming it's a victimless crime and the only money being lost is by large corporations. But that loss eventually gets passed through to customers -- not to mention what kind of mindset does it take to go through obituaries like you’re trying to fill out a bingo card?

Go Fund Someone Else

Scammers have been taking advantage of grieving families and friends of people who recently died from coronavirus. The fraudsters have been cloning social media profiles and setting up fake Gofundme pages asking for donations, which go straight into their own pockets. 

It’s a sickening tactic, but for scammers, it’s just another day in the office. Taking advantage of a recent news story, and the tragic loss of life pulls on the emotional strings of people who are less likely to be skeptical of, or to turn down requests for donations. 

Verdict: So Low, It’s Underground

Lost for words. Absolutely despicable. 

Conclusion

I think it’s safe to say that just by looking at these few examples, there is no depth too low that criminals won’t sink to. It’s important for organisations of all sizes and industries to not underestimate the ruthlessness of criminals and invest in appropriate and robust cybersecurity controls. New-school security awareness training can ensure your users are staying vigilant with real-world scam scenarios. 

Individuals also have a role to play and need to remain vigilant of emails and social media. Not everything is true, and one should think before donating or providing information, no matter how many heart strings the requestor pulls on. 

Want to see more? Watch the weekly Jerich show on YouTube: https://youtu.be/197Rc5Er09c