US non-profit tracks surprising drop in security incidents, despite rise in coronavirus-related cybercrime campaigns

UPDATED The number of data breaches decreased by 33% in the first six months of 2020, compared to the same period in 2019.

This is according to a new report from the Identity Theft Resource Center (ITRC), a US non-profit, which noted that there were 540 publicly reported breaches from January 1 to June 30.

Analysis (PDF) from the consumer education organization shows that in the first half of 2019 there were 811 data breaches.

There was also a 66% year-on-year drop in the number of individuals impacted by data breaches. In the first half of 2020 there were just over 163.5 million victims, said the ITRC – much lower than the 493 million reported a year earlier.

The report reads: “The decrease in data breaches is consistent with threat actors consuming data during the global pandemic instead of gathering new identity information to fuel a variety of Covid-19-related and traditional fraud such as phishing scams and credential stuffing cyber-attacks.”

This suggests that instead of targeting new victims, cybercriminals have increasingly been using already-breached data in their campaigns.

Eva Velasquez, president and CEO of the ITRC, told The Daily Swig: “Ransomware attacks are a great example; the original attacks did not involve taking any information. The attackers simply locked it so it could not be used until they were paid.

“Now, data hijackers are stealing the data first and then threatening to release it or sell it if they are not paid. The result has been a steadily escalating average for ransom paid.”

Threat factor

These methods are currently being used to target Americans who have been affected by the coronavirus pandemic, particularly those who have lost their jobs.

Velasquez explained: “The best example is the unemployment benefit fraud schemes that are being executed by well-organized cybercriminals. In a typical year, the Identity Theft Resource Center sees less than 10 cases related to unemployment fraud because the amount of money to be gained is low.

“However, we have seen hundreds of cases since March. With the federal government adding $600 per week to benefits, the economics have changed.”

She continued: “The identity thieves are using stolen credentials to apply for unemployment benefits through existing state government accounts, or they are creating new accounts to apply for the increased benefits.

“The victims only find out about it when their application for unemployment benefits is rejected or, in the case of someone who is still employed, they get a benefits card in the mail or their employer tells them someone applied for unemployment benefits in their name.

“There will be some victims who will find out their identity was misused sometime in the future when the IRS demands unpaid taxes on the unemployment income they didn’t know they received.

“Washington and Maryland are two of the states that have reported big fraud losses from the cyber scams – $650 million and $550 million respectively in fraudulent claims from fake applications.”


RELATED Strategies for combating increased cyber threats tied to coronavirus


The report also states that attacks by external actors are still the most common cause data breaches, before adding that “compromises caused by internal threat actors are at a three-year low as more people work from home and have less access to internal systems and data”.

In fact, this year is likely to see the lowest numbers of data breaches and exposures since 2015.

“This is not expected to be a long-term trend as threat actors are likely to return to more traditional attack patterns to replace and update identity information needed to commit future identity and financial crimes,” the report adds.

Not (remotely) secure?

The latest ITRC threat analysis comes in contrast to another report which revealed how cyber-attacks have increased during the Covid-19 pandemic, likely due to remote working.

The vast majority (91%) of cybersecurity executives believe that the shift to home-based working has resulted in an increase in attacks, the study by VMWare Carbon Black reads.

Respondents from the UK, US, Italy, and Singapore were polled in March and April of this year.

The study also found that 85% of chief information officers, chief technology officers, and chief information security officers felt that their workforce had not been properly equipped to work from home, with 28% citing “severe and significant gaps” in security.


This article has been updated to include comments from the ITRC.


READ MORE Coronavirus and cybercrime: Scammers’ shifting tactics revealed at Akamai event