Cybercriminals’ Motivations during Catastrophic Times

Brittany Haynes wrote an article about “How Criminals Are Benefitting From the COVID-19 Crisis” on March 19, 2020, which is available at Haynes’s article references a March 9, 2020 article by Bradley Barth with the title “Don’t get fooled again: Fake coronavirus emails impersonate the WHO to deliver FormBook trojan” which is available at

It is important to know, especially during such disruptive times as these, what cyberattackers are up to and how they might be achieving their objectives. I therefore recommend reading these and other articles to learn what is happening now in cyberspace, even though the focus is primarily on health and economic issues, which is as it should be. But we cannot ignore the cyber side. To get a better understanding of what’s going on, we need to try to fathom why cybercriminals are doing what they are doing, so that we might arrive at effective means of preventing and deterring such activities.

When it comes to motivations, we should ask ourselves whether these nefarious activities are due to “structure” or “agency.”

In a January 13, 2020 article on inequality by Joshua Rothman in The New Yorker with the title “Same Difference: What the idea of equality can do for us, and what it can’t,” the author makes the following statement about human behavior:

“Explanations of human behavior have traditionally been divided into two groups: those which focus on the forces that push us around and those which emphasize how, as individuals, we can choose to resist them. The same phenomenon can be viewed from either side of the so-called structure-agency distinction. For most of the twentieth century, according to [political theorist Yascha] Mounk, criminologists looked at crime from a structural perspective: they urged politicians to fight it by reducing poverty—its root cause. Later, however, they changed tack: they began examining the motivations of individual criminals and asking how potential wrongdoers, as ‘agents,’ might be dissuaded from committing crimes.”

To what extent can the above concept be applied to cybercriminals? In my article in the January/February 2020 issue of the ISACA Journal with the title “When Victims and Defenders Behave Like Cybercriminals,” I look into why some who are perceived as victims, or are tasked with defending those potential victims, make the switch to become cyberattackers.

I would note here that while the motives of cyberattackers may be pretty much the same as usual, namely, extorting funds, creating disruptions, inciting discord, etc., the motivations of cyberattackers will likely have changed for some. In a booming economy, greed and the desire to live a more luxurious lifestyle might be significant drivers of fraudsters. But in today’s physical and economic upheavals, some attackers may be operating in order to survive themselves, which can be a far greater impetus than enriching oneself. Also, for those looking to further disrupt the already flailing economies of their adversaries, opportunities among a fearful population are much increased. In a situation of increased and more effective criminal activities, exacerbated by the coronavirus and its impact, avoidance, prevention and deterrence become so much more important for potential victims, and increasing the support and assistance provided by government and the private sector has become even more critical.

In addition, there should be great concern about unauthorized access to sensitive systems in such times, as I describe in my 2012 article “IAM Risks during Organizational Change and Other Forms of Major Upheaval,” which is Chapter 1 in Digital Identity and Access Management: Technologies and Framework, edited by Raj Sharman et al., and published by IGI Global. The main idea here is that when there are big changes to staffing, either through layoffs or role reassignments, maintenance of identity and access management (IAM) systems, which authenticate users and authorize their access rights, may fall behind, leaving in place access that needs to be changed in order to avoid nefarious activities. It is highly likely that, during these turbulent times, many users will continue to be authorized to access internal corporate systems despite changes in their status, and that such access represents a significant risk to companies. Despite the difficulties, support personnel need to move quickly to remove obsolete access rights—a task made so much harder right now.
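One way to find the obsolete access rights described above is to reconcile the IAM export against the HR record of status changes. The sketch below is an added example, not taken from the cited chapter; the field names, role baseline and sample records are all constructed for illustration.

```python
from datetime import date

# Hypothetical role-to-entitlement baseline (an assumption for this example).
ROLE_ENTITLEMENTS = {
    "accounts_payable": {"vpn", "erp:ap_post"},
    "helpdesk": {"vpn", "ticketing:agent"},
}

# Constructed HR feed: the authoritative record of each person's current status.
HR = {
    "asmith": {"status": "active", "role": "accounts_payable", "changed": date(2020, 1, 6)},
    "bjones": {"status": "terminated", "role": None, "changed": date(2020, 3, 16)},
    "clee": {"status": "active", "role": "helpdesk", "changed": date(2020, 3, 20)},
}

# Constructed IAM export: what each account can actually do today.
IAM = [
    {"user": "asmith", "enabled": True, "entitlements": {"vpn", "erp:ap_post"}},
    {"user": "bjones", "enabled": True, "entitlements": {"vpn", "erp:ap_post"}},
    {"user": "clee", "enabled": True, "entitlements": {"vpn", "ticketing:agent", "erp:ap_post"}},
    {"user": "svc_old", "enabled": True, "entitlements": {"vpn"}},
    {"user": "dpatel", "enabled": False, "entitlements": {"vpn"}},
]

def find_obsolete_access(hr, iam, role_map, today):
    """Return (user, reason, entitlements_to_revoke, days_since_change) findings."""
    findings = []
    for acct in iam:
        if not acct["enabled"]:
            continue  # disabled accounts cannot authenticate
        person = hr.get(acct["user"])
        if person is None:
            findings.append((acct["user"], "orphaned", sorted(acct["entitlements"]), None))
            continue
        age = (today - person["changed"]).days
        if person["status"] != "active":
            findings.append((acct["user"], "inactive_in_hr", sorted(acct["entitlements"]), age))
            continue
        excess = acct["entitlements"] - role_map.get(person["role"], set())
        if excess:
            # Rights carried over from a previous role after reassignment.
            findings.append((acct["user"], "excess_for_role", sorted(excess), age))
    # Orphans (no HR date) first, then the oldest unresolved status changes.
    return sorted(findings, key=lambda f: -(f[3] if f[3] is not None else 10**6))

if __name__ == "__main__":
    for finding in find_obsolete_access(HR, IAM, ROLE_ENTITLEMENTS, date(2020, 3, 30)):
        print(finding)
```

Sorting by days since the status change gives overloaded support staff a revocation queue ordered by how long each exposure has been open.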

As we suffer through the coronavirus pandemic dystopia, we are seeing fraudsters, hackers and scammers taking advantage of a frightened and vulnerable populace. This is unacceptable even at the best of times. How much more so in these worst of times. While the world’s leadership is rightly concentrating on the physical aspects of the pandemic, this is no time to ignore the activities of cyber looters and other bad actors. Our political and business leaders need to ramp up defenses against such cyberattacks, and lawmakers, regulators and law enforcement officials must strengthen the negative consequences for perpetrators of consequential cybercrimes even as they work to get us through these times.

Amidst the justifiable concerns about the pandemic’s physical impact, there appears to be too little room for discussing mitigation of cybercrimes. While such prioritization is understandable, we must not ignore the cyber risks that are also spreading throughout the world. It is time to bring cyber into the conversation much more than it has been up to now. We need to better understand why these criminals are doing what they are doing, and put in place effective preventative measures and deterrents. The populace is already facing painful times. We certainly do not need an additional layer of assault. Yes, follow the warnings and advice in the proliferation of articles on the subject of protecting against cyberattacks. But there also needs to be considerable effort, both nationally and globally, to address the ravages taking place in cyberspace.
