Cybercriminals prevent aid to Hurricane victims

What does Hurricane Dorian have to do with Cyber Security?

Over the weekend, Hurricane Dorian killed approximately 50 people, with islands such as Abaco within the Bahamas taking the greatest impact and most recently leaving thousands of Canadians without Power. But with weather reporting and early warning systems, would this event have been substantially worse?

Back in 2017 I gave a talk at a Cyber Security convention based in Moscow, Russia. I raised the issue that most Cyber Security defences at best were simply reactive. Computers move at lightning speed and unlike physical events such as Hurricanes, stopping a Cyber-attack becomes near impossible.

However, through Threat Intelligence that impossibility can be turned in to a reality. All Cyber events have a relationship with non-digital domains. What I mean by this, is that actions such as a cyber-attack will be caused or initiated by an alternative non-cyber entity. It is well documented that North Korea’s cyber threat group; Lazarus, largely increased its activity due to Government sanctions. And let’s not forget Lazarus are believed to be behind WannaCry, which caused the unconfirmed death of patients. Because North Korea was becoming financially constrained, it is widely believed actions increased to cover lost revenue.

As another example, West African Cybercrime has greatly increased over the years. With low employment, high education and a high percentage of residents connected to the internet, it is unsurprising some choose to use this motive and capability to commit mass fraud.

Back in 2017, category 5 Hurricane Irma killed 134 people and caused $77.2 billion in damage. As with many significant humanitarian crises, financial aid is rushed to those who need it. Unfortunately, there are many whom seek to fraudulently steal humanitarian aid. Back in 2017 as today we’re seeing a substantial cyber-attack relating to these events. Phishing attacks increase through emails and websites, exploiting those looking to help and only further hurting those who need it most.

By using known ‘real-world’ events, such as natural disasters, political events and more, Threat Intelligence operators can begin determining new unknown risks before they happen. And most importantly, reduce cybercrime so that those who need help, get the help they need.