Cyber Crime Statistics and Trends in COVID-19 Pandemic and Post Pandemic
1. Cyber Crime Statistics and
Open Source Tools for
Digital Forensics
Dr Umang
Associate Professor
Institute of Technology & Science, Ghaziabad
Email: umangsingh@its.edu.in, dr.umang.singh@ieee.org
Dr Umang@ITS
2. CYBERCRIME
Cybercrime, or computer-oriented crime, is a
crime that involves a computer and
a network.
Offences that are committed against
individuals or groups of individuals with a
criminal motive to intentionally harm the
reputation of the victim or cause physical or
mental harm, or loss, to the victim directly or
indirectly, using modern telecommunication
networks such as Internet (networks including
chat rooms, emails, notice boards and
groups) and mobile phones
(Bluetooth/SMS/MMS).
3. Cyber Crime
• “Any unlawful act where computer or communication device or
computer network is used to commit or facilitate the commission of
crime”.
• https://www.cybercrime.gov.in/
• CSAM
• CYBER BULLYING
• CYBER STALKING
• CYBER GROOMING
• ONLINE JOB FRAUD
• ONLINE SEXTORTION
• VISHING
• SEXTING
• SMSHING
• SIM SWAP SCAM
• IMPERSONATION AND IDENTITY THEFT
• DEBIT/CREDIT CARD FRAUD
• PHISHING
• SPAMMING
• RANSOMWARE
• VIRUS, WORMS & TROJANS
• DATA BREACH
• DENIAL OF SERVICES/DISTRIBUTED DOS
• WEBSITE DEFACEMENT
• CYBER SQUATTING
• PHARMING
• CRYPTOJACKING
• ONLINE DRUG TRAFFICKING
• ESPIONAGE
5. Malware
• Malware is any software intentionally designed to cause damage to a
computer, server, client, or computer network.
Types of malware: Computer Virus, Worms, Trojan Horses, Ransomware, Spyware, Adware, Scareware
6. Malware Vs Viruses
Malware is a catch-all term for any type of malicious software, regardless of how it works, its intention or how it is distributed.
Viruses are designed to damage the target computer by corrupting data, reformatting your hard disk or completely shutting down your system.
7. There were 144.91 million new malware samples in 2019.
Already 38.48 million new samples in 2020 (April 2020).
In 2018, 93.6% of malware observed was polymorphic, meaning it has the ability to constantly change its code to evade detection.
Malicious hackers are now attacking computers and networks at a rate of one attack every 39 seconds.
8. www.isea.gov.in
• Of the endpoints reporting an infection, 62%
were consumer (home user) devices, while 38%
were business systems.
• One thing that is especially interesting to note is
the frequency with which PCs were re-infected.
In 2019:
• 46.3% encountered only one infection
• 35.8% encountered 2-5
• 8.6% encountered 6-10
• 9.2% had more than 10 infections
10. Cyberthreats are constantly evolving in order to take advantage of online behavior
and trends. The COVID-19 outbreak is no exception.
https://www.interpol.int/Crimes/Cybercrime/COVID-19-cyberthreats
Cybercriminals are attacking
the computer networks and
systems of individuals,
businesses and even global
organizations at a time when
cyber defenses might be
lowered due to the shift of focus
to the health crisis.
11. Spammers, scammers, and other threat actors
quick to take advantage of global panic
surrounding coronavirus outbreak
Figure 2: Spam timeline in Week 1 and Week 2 of March 2020
Figure 1: Spam timeline in Week 3 and Week 4 of March 2020
Key features of malspam campaigns
Top subject line keywords: “COVID-19”, “corona”,
“coronavirus”, and “masks”
Top malware categories: Generic Trojan, Infostealer,
Backdoor, Downloader
Key features of snowshoe campaigns
Top subject line keywords: “COVID”, “corona”,
“coronavirus”, and “masks”
Top domain names observed: “covid”, “corona”,
“coronavirus” and “wuhan”. These were recently registered
domains, ready to be used in spam campaigns
The most abused gTLDs observed were .biz, .cf, .info,
.online, .xyz
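The campaign features listed above translate directly into mail-triage signals. The following Python code is an added example, not part of the original slides: it scores a message on the slide's subject keywords, domain keywords and gTLDs, while the 30-day "recent registration" window, the verdict thresholds and the sample messages are assumptions constructed for illustration.

```python
import re

# Indicators listed on the slide above.
SUBJECT_KEYWORDS = ("covid-19", "covid", "corona", "coronavirus", "masks")
DOMAIN_KEYWORDS = ("covid", "corona", "coronavirus", "wuhan")
ABUSED_GTLDS = ("biz", "cf", "info", "online", "xyz")
RECENT_DAYS = 30  # assumption: what counts as "recently registered"


def subject_hits(subject):
    """Slide keywords that occur as whole words in the subject line."""
    words = set(re.findall(r"[a-z0-9-]+", subject.lower()))
    return sorted(k for k in SUBJECT_KEYWORDS if k in words)


def domain_reasons(domain, age_days):
    """Which of the three domain traits from the slide apply to a sender domain."""
    labels = domain.lower().rstrip(".").split(".")
    reasons = []
    if any(k in label for label in labels[:-1] for k in DOMAIN_KEYWORDS):
        reasons.append("keyword")
    if labels[-1] in ABUSED_GTLDS:
        reasons.append("abused-gtld")
    if age_days is not None and age_days <= RECENT_DAYS:
        reasons.append("recent")
    return reasons


def triage(msg):
    """Combine signals; a keyword alone only earns a review, never a block."""
    subj = subject_hits(msg["subject"])
    dom = domain_reasons(msg["sender_domain"], msg.get("domain_age_days"))
    if subj and len(dom) >= 2:
        verdict = "quarantine"
    elif subj or len(dom) >= 2:
        verdict = "review"
    else:
        verdict = "deliver"
    return {"verdict": verdict, "subject": subj, "domain": dom}


# Constructed sample messages (not taken from any real feed).
SAMPLES = [
    {"subject": "COVID-19 masks in stock", "sender_domain": "corona-masks-shop.xyz", "domain_age_days": 5},
    {"subject": "Coronavirus office policy update", "sender_domain": "example.org", "domain_age_days": 3000},
    {"subject": "Invoice attached", "sender_domain": "wuhan-relief.info", "domain_age_days": 2},
    {"subject": "Quarterly report", "sender_domain": "example.com", "domain_age_days": 4000},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["sender_domain"], triage(m))
```

Legitimate pandemic mail also used these words, which is why the second sample is only sent for review rather than quarantined.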
13. Fake UPI address found registered under ‘PM Care Fund’, FIR lodged
An online complaint was received about a UPI address, “Pmcare@sbi”. The ID was created to receive donations, and the matter was then raised with State Bank of India, which blocked it immediately. The correct UPI ID is “PMCARES@SBI”.
15. A group of hackers that goes by the name of SSHacker, and describes itself as “dedicated to providing the best hacking services since 2005”, is now offering the service of hacking into Facebook accounts at a discounted rate: 15% off with the COVID-19 code.
16. “True Mac” offers the “most-loved Mac” model, the MacBook Air, at the fantastic price of US$390 as a “corona special offer”.
21. COVID-19 Email Spam Statistics
• RiskIQ analyzed its spam box feed for the
time period of 05/14/2020-05/15/2020.
• 89,658 spam emails containing either
“corona” or “covid” in the subject line.
• 7,691 unique subject lines observed during
the reporting period.
• The spam emails originated from 5,244
unique sending email domains and 8,940
unique SMTP IP Addresses.
• Analysts identified 147 emails that sent an
executable file for Windows machines.
https://www.riskiq.com/blog/analyst/covid19-cybercrime-update/
Almost 7,000 unique samples out of 41,000 total Corona Phishing
Spam samples reported from Smart Protection Network (SPN)
enabled in Trend Micro Messaging products.
22. Blocked COVID-19 related emails during March 2020
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/covid-19-outbreak-prompts-opportunistic-wave-malicious-email-campaigns
24. How do I spot a coronavirus phishing email?
• Coronavirus-themed phishing emails can
take different forms, including these.
• CDC alerts. Cybercriminals have sent
phishing emails designed to look like
they’re from the U.S. Centers for Disease
Control.
Beware of online requests for personal information
Check the email address or link
Watch for spelling and grammatical mistakes
Look for generic greetings
Avoid emails that insist you act now
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/covid-19-outbreak-prompts-opportunistic-wave-malicious-email-campaigns
The domain used in the text appears to be “cdcinfo.gov”, but hovering the cursor over the link reveals the real, malicious URL the link leads to:
When clicked, it routes to:
27. Every 2 seconds, the keystrokes are sent to the key.php file on the evil.com website.
Website loaded in frame.
28. Coronavirus Pandemic is Proving to be a Boon
for Cyber Criminals
• On a single day of 20 March, more than
3000 domains were registered with the
theme ‘covid’ or ‘corona’.
• In one month, more than 100,000 new web
domain names were registered containing
terms like corona, covid, and virus.
Significant Jump in Coronavirus Related Domain Names
Research analysis shows that 6.5% of domains are related to malicious activities and are ‘fake domains’: fraudulent websites that look similar or identical to the legitimate one.
29. Some reasons for the rise in such fake domain
registrations are as follows:
• For abject virus-related sales such as masks, preventative care,
cleaning supplies or services, bogus vaccines among others
• To trick the users into sharing their private information, such as
banking credentials or other account passwords
• To get money transferred by creating identical websites of authorities, government (schemes), banks etc.
• To create confusion and/or spread hatred among a targeted community.
30. As people look for some hope at this time and for the right information about the coronavirus pandemic, cyber criminals are using the occasion to scam web users.
• Cybercriminals and scammers are using coronavirus to scam web users.
• They are targeting vulnerable people claiming to offer Covid-19 vaccine
or treatment.
• The aim of cybercriminals in these cases is to install viruses on people’s
phones and computers.
According to a New York-based cyber intelligence firm, IntSights, such "coronavirus-
themed phishing lures, malware infections, network intrusions, scams, and disinformation
campaigns have become rampant across the clear, deep, and dark web."
31. Dark Web Market of Covid-19
• “Sellers seek to exploit public fear by offering products that could allegedly serve as virus tests or vaccines.”
• This trend is high in countries like the USA.
• From research analysis, it has been found that “these products are in no way real, and buyers would be scammed out of their money.”
FAKE COVID-19 detectors on sale on dark and deep web (Source: IntSights)
32. Dark Web Market of Covid-19
FAKE COVID-19 vaccine on sale on dark and deep web (Source: IntSights)
33. Sponsored threats
• A threat actor called APT36 was recently observed "spreading a
malicious office document spoofed to look like it came from Indian
government websites."
• The program is designed to give the impression of a coronavirus-related health advisory in a Microsoft Office file.
• Its victims face the risk of installing a "Crimson RAT payload" into
their system in the process.
• Other suspected state-sponsored targeting campaigns are associated with
China, Russia and North Korea, as observed by researchers.
• Threat actors "MUSTANG PANDA" and "VICIOUS PANDA" were
linked to Chinese campaigns, whereas a malware strain named
"BabyShark" was linked with North Korean campaigns earlier in
February. A suspected Russian state-sponsored hacking group known as
"Hades" also reportedly targeted Ukraine, which used Covid-19 as a
lure.
Crimson RAT’s capabilities include stealing credentials from victims’ browsers, capturing screenshots, collecting anti-virus software information, and listing the running processes, drives and directories from victim machines.
34. Crimson RAT
• The email pretends to be from the government of India (email.gov.in.maildrive[.]email/?att=1579160420) and contains a “Health Advisory” regarding the coronavirus pandemic.
• Once victims click on the attached malicious document and enable macros, the Crimson RAT is dropped.
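The sender address above works because `gov.in` appears at the front of the host name while the domain actually in control is the rightmost part. The following Python code is an added example, not part of the original slides: it contrasts a substring check that this indicator defeats with a suffix check that it does not. Treating `gov.in` as the trusted suffix is an assumption made for the illustration.

```python
import re

# Assumption: mail from hosts under this suffix is treated as governmental.
TRUSTED_SUFFIXES = ("gov.in",)

# Defanged indicator exactly as quoted on the slide.
SLIDE_INDICATOR = "email.gov.in.maildrive[.]email/?att=1579160420"


def refang(indicator):
    """Turn a defanged indicator ('a[.]b', 'hxxp://') back into plain form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def host_of(indicator):
    """Extract the lowercase host name from a URL or bare host/path indicator."""
    s = refang(indicator).strip().lower()
    s = re.sub(r"^[a-z][a-z0-9+.-]*://", "", s)      # drop scheme if present
    s = re.split(r"[/?#]", s, maxsplit=1)[0]          # drop path, query, fragment
    s = s.rsplit("@", 1)[-1]                          # drop userinfo
    return s.split(":", 1)[0].rstrip(".")             # drop port and trailing dot


def naive_is_trusted(host):
    """Weak check: substring match, fooled by trusted names used as subdomains."""
    return any(suffix in host for suffix in TRUSTED_SUFFIXES)


def is_trusted(host):
    """Correct check: the trusted suffix must be the rightmost labels of the host."""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def embedded_trusted_name(host):
    """Return the trusted suffix that a host merely embeds, or None."""
    if is_trusted(host):
        return None
    labels = host.split(".")
    for suffix in TRUSTED_SUFFIXES:
        want = suffix.split(".")
        # Stop before the terminal position: a match there is a genuine suffix.
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                return suffix
    return None


if __name__ == "__main__":
    host = host_of(SLIDE_INDICATOR)
    print(host, naive_is_trusted(host), is_trusted(host), embedded_trusted_name(host))
```

A non-`None` result from `embedded_trusted_name` is a strong signal on its own, since legitimate senders have no reason to place another organisation's domain inside their own host name.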
35. VMware Carbon Black data already indicates that 27% of all cyberattacks target either banks or the healthcare sector.
• https://www.zdnet.com/article/covid-19-blamed-for-238-surge-in-cyberattacks-against-banks/
36. “Wiper” malware attack launched against a U.S. business
According to MITRE, the typical behaviors demonstrated by wiper malware are as below:
https://www.zdnet.com/article/covid-19-blamed-for-238-surge-in-cyberattacks-against-banks/
37. Kristin Judge, “How does COVID-19 impact cyber crime? ” , 8th April, 2020
39. Major Third-party Breaches Revealed in May 2019
Websites using Alpaca Forms
Companies Using Asus’s Webstorage
http://blog.asuswebstorage.com/2019/05/15/asus-webstorage-security-incident-update/
• Cyber criminals leaked credit-card data from a third-party data-management firm. Confidential customer data of City Bank, Axis, ICICI, IndusInd, RBL, and others was exposed.
• The money was sent to online wallets like PayTM and Mobikwik, which were opened using fake details and SIMs.
• A database of a huge number of Instagram influencers, big names, and brand records containing their own data, including contact details, was found openly available on the web.
• Magecart attackers inserted card-skimming scripts into the subscription website for the Forbes print magazine.
https://www.normshield.com/major-third-party-breaches-revealed-in-may-2019/
40. MORE Breaches - July 2019
The credit bureau Equifax will pay
about $650 million — and perhaps
much more — to resolve most claims
stemming from a 2017 data breach
that exposed sensitive information on
more than 147 million consumers and
demonstrated how little control
Americans have over their personal
data.
https://www.nytimes.com/2019/07/22/business/equifax-settlement.html
5 Million Bulgarians Have Their
Personal Data Stolen in Hack:
Bulgaria has suffered what has been
described as the biggest data leak in
its history. The stolen data, which
hackers emailed to local media on July
15, originates from the country’s tax
reporting service – the National
Revenue Agency (NRA).
https://thenextweb.com/security/2019/07/16/bulgaria-tax-agency-data-leak-hack/
42. Predictions Cybersecurity Statistics For 2020 To 2021
1#
Cybercrime damage costs are predicted to hit $6 trillion annually by
2021.
• Cyber crime damages will cost the world $6 trillion annually by 2021, up
from $3 trillion in 2015.
• This represents the greatest transfer of economic wealth in history, risks the
incentives for innovation and investment, and will be more profitable than
the global trade of all major illegal drugs combined.
These costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
43. Predictions Cybersecurity Statistics For 2020 To 2021
2#
Cybersecurity spending will exceed $1 trillion from 2017
to 2021.
• The cybersecurity market is continuing its stratospheric
growth and hurtling towards the trillion dollar mark that
we originally predicted in 2017.
• In 2004, the global cybersecurity market was worth $3.5
billion — and in 2017 it was expected to be worth more
than $120 billion. The cybersecurity market grew by
roughly 35X over 13 years entering our most recent
prediction cycle.
• Global spending on cybersecurity products and services is predicted to exceed $1 trillion (cumulatively) over five years, from 2017 to 2021.
44. Predictions Cybersecurity Statistics For 2020 To 2021
3#
The world will have 3.5 million unfilled cybersecurity jobs by the end of 2021
Every IT position is also a cybersecurity position now. Every IT worker, every
technology worker, needs to be involved with protecting and defending apps, data,
devices, infrastructure and people.
There will be 3.5 million unfilled cybersecurity jobs by 2021 — enough to fill 50 NFL
stadiums — according to Cybersecurity Ventures. This is up from Cisco’s previous
estimation of 1 million cybersecurity openings in 2014.
45. Predictions Cybersecurity Statistics For 2020 To 2021
4#
Ransomware damage costs are predicted to grow
more than 57X from 2015 to 2021.
• Global ransomware damage costs are predicted to
reach $20 billion by 2021, up from $325 million in
2015.
• Ransomware attacks on healthcare organizations
— often called the No. 1 cyber-attacked industry
— will quadruple by 2020.
• Cybersecurity Ventures expects that a business
will fall victim to a ransomware attack every 11
seconds by 2021, up from every 14 seconds in
2019. This makes ransomware the fastest growing
type of cybercrime.
46. Predictions Cybersecurity Statistics For 2020 To 2021
5#
70 percent of cryptocurrency transactions will be for illegal activity by 2021
• Crypto crime is an emerging segment of the cybercrime ecosystem, and it’s booming.
• Around $76 billion of illegal activity per year involves bitcoin, which is close to the scale of
the U.S. and European markets for illegal drugs, according to a study published by the
University of Sydney in Australia, ranked as one of the top 100 universities globally.
• Cybersecurity Ventures predicts that by 2021 more than 70 percent of all cryptocurrency
transactions annually will be for illegal activity, up from current estimates ranging anywhere
from 20 percent (of the 5 major cryptocurrencies) to nearly 50 percent (of bitcoin).
• Stay tuned for a year-end update with more cybersecurity market research from the editors at
Cybersecurity Ventures.
47. www.isea.gov.in
Mexico was the country hardest hit by cyber attacks in 2019, with 93.9% of all surveyed companies affected at least once last year.
Naturally, these facts and figures are just the tip of the iceberg. The deeper we dive into the wealth of information cyber security reports now offer, the clearer and more unnerving the picture becomes.
48. Ransomware Attack
• The FBI and Microsoft have warned victims not to pay ransom demands after a cyberattack, for a host of reasons.
• New research from Sophos confirms that ransomware payments can
actually double the amount of recovery costs and don’t ensure an
easier path to recovery.
• As per State of Ransomware 2020 report, Sophos researchers surveyed
5,000 global IT decision makers across a range of sectors. They found
that 51 percent of these organizations faced a ransomware attack
within the last year.
• For the US, 59 percent of respondents reported falling victim to an
attack. Notably, 25 percent of US respondents said they were able to stop
an attack before data was encrypted. But overall, data was encrypted in
73 percent of these successful attacks.
• Victims faced business downtime, lost orders, operational costs, device costs, and other expenses.
• While 56 percent of the surveyed IT managers said they were able to recover the encrypted data from backups without paying the ransom, still another 27 percent of organizations hit by ransomware admitted to paying the hackers.
https://healthitsecurity.com/news/paying-the-ransom-can-double-ransomware-attack-recovery-costs
49. Cyber Crime
(CSAM)
• Child sexually abusive material (CSAM) refers to material containing sexual images, in any form, of a child who is abused or sexually exploited. Section 67 (B) of the IT Act states that “it is punishable for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form.”
50. Cyber Crime (CSAM)
Statistics
• As per a report of April 17, 2020, India’s child pornography consumption spiked by 95% during the coronavirus lockdown.
• According to the India Child Protection Fund (ICPF),
there has been a steep increase in demand for
searches like “child porn”, “sexy child” and “teen sex
videos”, along with an increase in traffic on Pornhub
from India by 95 percent between March 24 and 26,
2020, as compared to before the lockdown.
53. Cyber Crime
(CSAM) Statistics
‘Jio impact’ on mobile (and porn) traffic: Before Jio’s launch in September 2016, the average monthly consumption of mobile data in India was about 600 MB. By mid-2017, it surged to 3.5 GB, which is nearly a 500 percent increase. In fact, Jio rival Idea Cellular put on record last year that it expects average monthly mobile data consumption to reach 15 GB in the next few years.
src: https://yourstory.com/2018/11/india-bans-porn-working-means-reliance-jio-telcos
54. Harassment or bullying inflicted
through the use of electronic or
communication devices such as
computer, mobile phone, laptop, etc.
It is unfortunate that there are no special Anti-
Cyber Bullying Laws in India yet.
In cases of sexual offenses against children,
Protection of Children from Sexual Offences
(POCSO) Act, 2012 is applicable.
The Ministry of Women and Child Development has launched a distinct helpline (complaint-mwcd@gov.in) to report cyberbullying, online harassment, and cyber defamation, particularly against women and children.
55. Some quick tips for prevention
• Be polite
• Don’t post personal things
• Keep online communication limited
• Do not meet online strangers in person
• Secure passwords
• Always log out
• Do not spend much time on public platforms/groups
• Block irritants
• Make settings private
• Think before you post. Be careful about your words and images
• Do not use technology to vent your feelings
• Be sure about your friends’ online identity
56. ICPF submits its recommendations towards
curbing demand of CSAM in India:
1. Creation of a CSAM Tracker through nationwide scale up of artificial
intelligence tools deployed for this research
2. An aggressive online campaign through strong deterrence messaging on the
public web
3. An ongoing government campaign to educate children and parents on
identifying and reporting online child sexual abuse and child pornography
4. Creation of a CSAM Offenders Registry for individuals found to be consuming,
distributing or selling CSAM
5. Appropriate orders for mandatory reporting and pulling down of CSAM content
and individuals by ISPs and social media platforms
6. India to take the lead to establish a legally binding international convention for
international cooperation to eliminate the creation, hosting and viewership of
CSAM