Everybody wants to be a hacker: Data suggests unprecedented interest in cybercrime during pandemic

[TownVirtuoso]

 

Quote

With unemployment rates skyrocketing across the world as prolonged COVID-19 lockdowns continue to wreck the global economy, people who are forced to stay at home without a source of income are beginning to learn new skills to sustain themselves.

Our research discovered that while millions are simply trying to make themselves more employable in the digital job market by signing up for online courses, others appear to be increasingly looking at cybercrime as a potential source of income. Recent data has indicated that during the months of March, April, and May, searches related to hacking, scamming, and other forms of cybercrime were through the roof, with breakout search terms like “hacking course” and “ethical hacking course” reaching all-time highs. Moreover, visits to popular hacker websites and forums increased by up to 66% in March.

However, it seems that this might be just the beginning, which suggests an even more increased interest in becoming a cybercriminal in the near future. While the overall number of people affected by cybercrime is steadily growing every year, 2020 might prove to be the year when the ranks of cybercriminals spike exponentially due to the economic downturns caused by the COVID-19 pandemic.

What we found out

This is what we found after analyzing cybercrime-related search terms on Google Trends and looking at popular hacker website traffic on SimilarWeb in the period from late March to May 2020:

• Out of 15 cybercrime-related search terms we looked at, two are experiencing all-time highs, 5 have reached five-year highs, while 8 search terms have hit twelve-month highs

• According to SimilarWeb, traffic to popular hacker websites surged noticeably in March and April 2020

• The surges in searches and traffic seem to roughly correlate with the introduction of lockdowns in countries across the world, beginning in late March, gaining steam in April, and peaking around late April and early May

• As COVID-19 lockdowns continue to cause damage to national economies, interest in learning cybercrime so far does not seem to wane significantly

Additionally, with the numbers of hacking-related searches reaching their highest levels in years and even decades, a new, massive wave of cybercrime might be in the making later this year.

Record-breaking spikes in cybercrime-related searches

We used Google Trends to see if there was a noticeable spike in interest in cybercrime-related topics during the pandemic. We were mainly looking at search terms related to learning hacking, online scamming, and the dark web.

Out of all the keywords we’ve analyzed, searches for “hacking course” and “ethical hacking course” have spiked the most, with both search terms reaching their all-time highs on Google Trends and possibly indicating the surge of increased interest in learning cybercrime.

The unprecedented spike in searches for hacking courses began in late March and continued to rise through April as the lockdowns in most countries around the world hit their second month.

Other cybercrime-related terms like “how to get on dark web,” “how to scam,” and “learn hacking” have been experiencing their highest numbers in searches in five years or more. This added to our suspicion that the previous searches were made by those who were not just trying to learn how to become law-abiding penetration testers.

The volume of search queries for eight other keywords related to learning cybercrime, such as “how to hack,” “how to become a hacker,” “hacking tutorial,” and “empire market” (the largest dark web marketplace in the world), was also elevated relative to their average during the months of March and April.

These spikes don’t bode well for the cybersecurity community, as such a high increase of interest in acquiring this kind of knowledge can be an indicator of a massive future spike in cybercrime. 

Even though the increases in the volume of cybercrime-related searches have peaked at 100% in April and May, there’s reason to believe that interest might continue to accelerate and reach even higher peaks as the lockdowns continue.

In fact, industry insiders are already beginning to see a surge in cybercrime. According to Fabien Dombard, CTO of QuoLab Technologies, “the cybersecurity community observed a massive amount of malicious activity tagging along with the pandemic, leveraging fear in order to increase their success rate, out of the full spectrum of threat actors from cybercriminals to state sponsored hackers.” 

Ultimately, these trends may not mean that all of these searches were made exclusively by would-be cybercriminals. With that said, they’re still a major cause for concern as interest is expected to increase which could, in turn, spike the number of cyberattacks.

Online hacker communities experiencing increased traffic

Apart from analyzing Google Trends data, we also used SimilarWeb’s Traffic Overview feature to look at rough estimations of traffic coming to popular online hacker communities.

What we saw confirmed our suspicions: while visits to several popular hacker websites and forums were down by 15%-23% from January to February, March traffic was up by 8%-66%. That said, April saw fewer spikes as traffic stabilized, with some websites experiencing decreases in traffic compared to March. However, the gains from February were still maintained on most websites in April.

The noticeable upticks for most popular websites roughly correlate with the unprecedented spikes in searches on Google Trends. While correlation does not necessarily imply causation, increases in criminal activities often tend to go hand in hand with worsening economic conditions [pdf].

Portrait of a would-be cybercriminal

Even though we’d like to think that most of us wouldn’t commit cybercrime, the upticks in searches and hacker website traffic suggest that many are at least considering it. But where do they come from? Are Americans just as likely to turn to cybercrime as people in India or Japan?

Cybercriminals typically come from economically disadvantaged countries and regions where legislation related to cybercrime is either not enacted or not consistently enforced. At the same time, worldwide GDP per capita is predicted to fall off a cliff across 170 countries as unemployment continues to skyrocket due to the sudden economic stop forced by the coronavirus.

This can make talented people with programming or other tech skills in developing countries have even fewer opportunities for gainful employment than they currently have. Which might be the reason behind the fact that, while the spikes in cybercrime-related searches are being observed in most countries, most of the increase comes from nations with poorer or less stable economies, such as Bangladesh, India, Pakistan, and Nigeria.

What now and what’s next?

As interest in cybercrime continues to climb in the midst of the coronavirus pandemic, the ranks of newly minted cybercriminals will continue to grow. While it’s probably too early to tell if these interest spikes are causing a surge in actual cybercrime statistics, we have almost no doubt they will have at least some effect on year-end cybercrime reports.

Mounir Hahad, head of the Juniper Threat Labs at Juniper Networks, asserts that “remote working and remote business interactions will identify new opportunities for organizations to reassess their business continuity plans and network security processes. As always, businesses must continue to address the ways employees connect to the network and how to deploy technology to enable and protect those connections. In retrospect, today’s work from home conditions may turn out to be a silver lining for organizations, as it forces them to reinforce their security posture for the foreseeable future.”

On the other hand, Murali Palanisamy, Chief Solutions Officer at appviewX, argues that “the number of cybercrimes in general should not increase by a drastic amount due to the simple fact that enterprises are wising up – they’ve recognized the importance of cybersecurity in this new world, and are optimizing IT budgets to accommodate the acquisition and maintenance of robust security systems.”

Evgen Verzun, founder of HyperSphere.ai, adds that “the vast majority of those search queries become the first and the last step for most people, when they realize how different cybercrime is from what they see on TV or hear in the news, how much really goes into it.In reality it often doesn’t have that ‘cool’ factor that people pick up on.”

Although expert opinion on the effect of such unprecedented interest in cybercrime seems to differ, detecting such spikes can serve as an early warning system for cybersecurity professionals to begin improving their defense strategies. 

This is particularly relevant in a time when buying and owning malware is easier than ever, as we outlined in our latest research report on malware markets. And when so much more people express their interest in becoming a cybercriminal, neither businesses nor individuals should stay reactive when it comes to cybersecurity, no matter what percentage of those interested become actual blackhats. It’s time to take a more proactive approach. 

At the end of the day, being better prepared now should mean less cybercrime in the future.

 

Source: https://cybernews.com/security/data-suggests-unprecedented-interest-in-cybercrime-during-pandemic/

 

This might not translate to some immediate threat, but it's possible that cybercrime will spike once everyone learns the ropes. Or hey, maybe they'll get bored of it because it's by no means easy.