The Real Virus Impacting The Attackers…

In today’s day and age, we are all too common with the cyber divide between the good and the bad, the attackers and the defenders, the criminals and the investigators.  

It would not be a stretch to say, that in most cases criminal or malicious operators do not care for a person’s situation, circumstance or how their actions may impact their victims. 

However, in these unprecedented times, we fight an invisible virus that impacts us all. In this blog post we ask. Is there a line in which threat actors will not cross? Does the Coronavirus pandemic impact even the darkest corners of the internet?  

As we touched upon in our most recent Podcast, COVID19 or Coronavirus is a global pandemic that is impacting every single one of us. Yet in these challenging times, hackers, scammers and threat actors take advantage of the event to try and exploit us. 

You don’t have to look far to find a news article on the phishing and smishing campaigns flying around the ether. Impersonating Governments or The World Health Organisation is a common Modus Operadi for mass phishing campaigns used to try and harvest user credentials or personal data. 

UK Government Impersonation Phishing email

In the UK this has been headline news and broadcast to millions via the media to help raise awareness, as this activity is just too rife at the moment. Scrolling through LinkedIn and other Cyber Security News sources, there appears to be a new method or different campaign doing the rounds every day. It is probably one of the most fast-paced games of “whack-a-mole” at this moment in time. 

As important as it is to highlight this, it is worth looking into what is happening on the other side. How attackers are feeling the impact of the Coronavirus and how darkweb marketplaces are as up-to-date with supply and demand as the supermarkets and pharmacies. 

In a recent Dark Reading article there was discussion around how some forums implore members for solidarity in these times. To the extent where attacks on the healthcare sector are criticised by some members.  

Yes that’s right hackers can get the virus too, even the bad guys need healthcare…  

Arguably what is more interesting, and draws a close parallel between normal life and that of the criminal underground is the supply and demand for items where there is an apparent shortage. 

We have all seen the impact of panic buying in our communities and our supermarkets. Items such as toilet roll and anti-bacterial hand sanitiser are now considered a luxury and rarer than hen’s teeth.  

Additionally to these everyday items, Personal Protective Equipment (PPE) is also in high demand. So much so that the on the popular darknet marketplace Empire, we have observed vendors selling Face Masks at a premium price. 

Screenshot: Empire Market selling Coronavirus Face Masks

Normally a marketplace offering drugs, hacking as a service and other illicit goods is now a forum to sell an item we all very much in need of. 

It just goes to show that no matter the size and impact of a global event, if there is a way to make money someone will take advantage of it.  

This poses several ethical or moral questions. Firstly do you know what you are funding by purchasing items on darknet forums? In many cases, terror groups and organised crime gangs profit from the sales on these platforms.  

Secondly, if there is more money to be made by selling in-need items on closed marketplaces for a premium, it is likely to drive an increase in this behaviour.  

I don’t know about you, but I do not want to live in a world where during a global pandemic the items I am most need of are only available alongside drugs, weapons and hacking services! 

The view that the darkweb is full of drugs, crime and darkness is definitely true in some senses, however as you can see this is not the only purpose. As this pandemic continues to disrupt our daily lives, and governments enforce lockdowns I can only imagine that these platforms will grow and diversify in the items they have for sale. It is, in some way, a new reality that is developing in front of our very eyes. 

We are all currently experiencing the COVID-19 pandemic for the first time, each weeks bring a new challenge. Whether it be a new threat vector or phishing campaign or Government measures that force us to stay inside. It is by far not the end of this activity and over the next few months we will watch the impact that the Coronavirus has on the cyber security industry. 

To answer our questions laid out earlier. No, I do not think there is a line threat actors will not cross, in fact events like Coronavirus are a direct cause for the rise in  malicious cyber activity.  

And yes, this virus does impact the darkest corners of the internet, by making it a profitable platform to sell items we are all in need of. 

This is most likely only the start of this activity and in my opinion will set a precedent for threat actors and vendors to utilise the darkweb to profit from vulnerable people and shortages in common non-illicit items.  

I hope you all remain safe and healthy during this time. Stay alert and aware of the bad guys and their activity and don’t forget to listen to our Podcast!

Podcast available on
Apple Music:
Sound Cloud:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: