Cyber Security and Emerging Threats

The Other Pandemic: How COVID-19 Created a Global Spike in Cybercrime

Both cyberspace and its supporting infrastructure have proven to be essential means of communication during the COVID-19 pandemic. These technologies have allowed countries around the world to stay connected, share critical information, facilitate the transition to telework and online education, and bridge the gaps enforced by social distancing measures. Perhaps unsurprisingly, the COVID-19 pandemic has given rise to a dramatic increase in web traffic around the world, with research in the United States indicating a 17% increase in internet use between March and May 2020.

The significant emotional trauma inflicted by the coronavirus has been worsened due to a global spike in cybercrime. The threat of cybercrimes has been well documented long before the pandemic. Intel’s Chairman and CEO Ginni Rometty referred to cybercrime as the “greatest threat to every profession, every industry, every company in the world” during the IBM Security Summit in 2015. In their earlier iterations, cybercrimes were typically directed against large companies, compromising their cybersecurity by hacking into the email accounts of corporate executives. Since then, these attacks have become much more sophisticated, where they now primarily target individuals through the use of social engineering techniques: the process of psychologically manipulating individuals into compromising their own security. It is estimated that these techniques are responsible for more than 80% of successful exploits.

The increase in global internet traffic and time spent in cyberspace, combined with the confinement, isolation, anxiety, and fear brought about by quarantine have given cybercriminals an unprecedented opportunity to exploit the situation for their own financial, political, or ideological gain. The massive shift online brought about by the coronavirus has exposed countless technological and social vulnerabilities that Criminals have been exploiting since the onset of the pandemic, conducting an array of attacks ranging from hackings, phishing emails, credit card fraud, data breaches, to ransomware. According to Google, the month of March saw an increase in COVID-19-related hacking and phishing attacks by 5 to 6 times their usual levels, as well as a 26% increase in credit card theft.

The proliferation of cybercrimes due to COVID-19 is a global phenomenon. Many countries around the world have been reporting an increase in cybercrimes tied to the coronavirus. In Italy, the Polizia Postale has reported a spike in the sale of ineffective or counterfeit drugs and medical equipment that claim to offer a cure for the virus. In other regions of the country legitimate crowdfunding campaigns were attacked, diverting the funds raised into criminals’ bank accounts. In the United Kingdom, many businesses and individuals who attempted to claim relief funds from the government’s COVID assistance grant programs either had their money stolen or ended up downloading ransomware, preventing users from accessing their devices until a ransom is paid. Critical healthcare infrastructure has also been the target of similar attacks. In early April, INTERPOL’s Cyber Threat Response Team also reported several instances of Spanish hospitals being targeted by ransomware attacks. The World Health Organization also endured a similar attack that same week.

The Government of Canada has identified a number of cybercrimes related to COVID-19. Among them are multiple forms of financial fraud via phishing messages and misleading or false claims pertaining to the virus. There have also been many reported incidents of fraudulent claims to receive the Canada Emergency Response Benefit (CERB) from individuals who do not qualify or are attempting to “double-dip”, or from those who have created illegitimate third-party companies to exploit the confusion associated with the application process. To protect Canadians from these risks, the federal government has allocated $3 Million to fight the spread of disinformation and has produced a list of reported scams and a number of best-practices that the public can follow for protection against COVID-19-related cybercrimes.

NATO and the North Atlantic Council have each released statements condemning the recent wave of cybercrimes, especially those that have targeted frontline workers and medical researchers who are fighting to contain the COVID-19 pandemic. The Alliance has reiterated on multiple occasions that activities conducted within cyberspace are subject to international law and that robust cyber defense strategies must be implemented by all member states in order to maintain the collective defense that protects the international rules-based order.

Just as Canadians have remained vigilant in the fight against COVID-19, we must take the appropriate measures to protect ourselves in cyberspace. It is very likely that both the incidence and complexity of COVID-19-related cybercrimes will increase in the near future. While the Communications Security Establishment (CSE) is working to protect us from an array of cyber-threats, there are several measures that we can take as individuals to mitigate the risks posed by the many malicious activities in cyberspace:

  • Install a reputable anti-virus program on your devices.
  • Use different, complex passwords for each of your accounts.
  • Use multi-factor authentication on your online accounts.
  • Update your devices regularly.
  • Delete any unnecessary apps from your devices.
  • Strictly manage your personal information on social media.
  • Maintain a back-up of your data.

Finally, all of these precautions should be maintained even after the coronavirus pandemic has been contained. While many anticipate a vaccine for the coronavirus is on the horizon, cybercrime is a plague that simply cannot be eradicated. The increasing digitization of our daily lives must be accompanied by an acute awareness of the threats that exist in cyberspace and how they can be mitigated through an understanding of personal cybersecurity best practices.

Cover Image: Increased reliance on cyberspace presents newfound vulnerabilities to malware and other attacks, by Blogtrepreneur via Creative Commons.

Disclaimer: Any views or opinions expressed in articles are solely those of the authors and do not necessarily represent the views of the NATO Association of Canada.

Alex Johnson
Alex Johnson currently serves as a program editor for the NATO Association of Canada. He is also pursuing his Masters degree in Global Affairs at the Munk School of Global Affairs, where he has written numerous research papers on Turkish defense policy. He has a BA in History from Queen’s University, where he focused on Russian history, colonial studies, and the history of migratory populations. Alex’s areas of interest include security issues, artificial intelligence, humanitarian blockchain, and global governance. He is currently working on a project designed to reduce the proliferation of small arms in conflict zones. Alex intends to pursue a career in global security after graduating in 2021 and can be reached at on or LinkedIn.