Cybernews: Data suggests unprecedented interest in hacking and cybercrime during pandemic

With unemployment rates skyrocketing across the world as prolonged COVID-19 lockdowns continue to wreck the global economy, people who are forced to stay at home without a source of income are beginning to learn new skills to sustain themselves.

Our research discovered that while millions are simply trying to make themselves more employable in the digital job market by signing up for online courses, others appear to be increasingly looking at cybercrime as a potential source of income. Recent data has indicated that during the months of March, April, and May, searches related to hacking, scamming, and other forms of cybercrime were through the roof, with breakout search terms like “hacking course” and “ethical hacking course” reaching all-time highs. Moreover, visits to popular hacker websites and forums increased by up to 66% in March.

However, it seems that this might be just the beginning, which suggests an even more increased interest in acquiring skills related to hacking and cybercrime in the near future due to the economic downturns caused by the COVID-19 pandemic. On the other hand, mastering those skills all the way to the point of becoming a dangerous cybercriminal is a particularly difficult and time-consuming undertaking, which may discourage a majority of those with a mere interest in learning cybercrime from pursuing anything further than a Google search or a visit to a dark web marketplace.

Nonetheless, the sharp upwards trend in the popularity of the subject matter might be a potential cause for alarm for cybersecurity professionals.

What we found out

This is what we found after analyzing cybercrime-related search terms on Google Trends and looking at popular hacker website traffic on SimilarWeb in the period from late March to May 2020:

• Out of 15 hacking- and cybercrime-related search terms we looked at, two are experiencing all-time highs, 5 have reached five-year highs, while 8 search terms have hit twelve-month highs
• According to SimilarWeb, traffic to popular hacker websites surged noticeably in March and April 2020
• The surges in searches and traffic seem to roughly correlate with the introduction of lockdowns in countries across the world, beginning in late March, gaining steam in April, and peaking around late April and early May
• As COVID-19 lockdowns continue to cause damage to national economies, interest in learning cybercrime so far does not seem to wane significantly

Additionally, with the numbers of hacking-related searches reaching their highest levels in years and even decades, a new wave of cybercrime might be in the making in the future.

Record-breaking spikes in cybercrime-related searches

We used Google Trends to see if there was a noticeable spike in interest in cybercrime-related topics during the pandemic. We were mainly looking at search terms related to learning hacking, online scamming, and the dark web.

Out of all the keywords we’ve analyzed, searches for “hacking course” and “ethical hacking course” have spiked the most, with both search terms reaching their all-time highs on Google Trends and possibly indicating the surge of increased interest in learning skills related to hacking.

The unprecedented spike in searches for hacking courses began in late March and continued to rise through April as the lockdowns in most countries around the world hit their second month.

Other cybercrime-related terms like “how to get on dark web,” “how to scam,” and “learn hacking” have been experiencing their highest numbers in searches in five years or more. This added to our suspicion that the previous searches were made by those who were not just trying to learn how to become law-abiding penetration testers.

The volume of search queries for eight other keywords related to learning cybercrime, such as “how to hack,” “how to become a hacker,” “hacking tutorial,” and “empire market” (the largest dark web marketplace in the world), was also elevated relative to their average during the months of March and April.

These spikes may not bode well for the cybersecurity community, as such a high increase of interest in acquiring this kind of knowledge can be an indicator of a future spike in cybercrime. 

Even though the increases in the volume of cybercrime-related searches have peaked at 100% in April and May, there’s reason to believe that interest might continue to accelerate and reach even higher peaks as the lockdowns continue.

In fact, industry insiders are already beginning to see a surge in cybercrime. According to Fabien Dombard, CTO of QuoLab Technologies, “the cybersecurity community observed a massive amount of malicious activity tagging along with the pandemic, leveraging fear in order to increase their success rate, out of the full spectrum of threat actors from cybercriminals to state sponsored hackers.” 

Ultimately, however, these trends may not mean that all of these searches were made exclusively by would-be cybercriminals as cybersecurity professionals might constitute a good part of those searching for hacking courses to improve their own skillset.

Sounil Yu, CISO-in-Residence at YL Ventures, warns that basic “hacking” skills, such as how to conduct penetration testing, exploit web applications, or find vulnerabilities, are not skills solely related to cybercrime. “Rather, these are foundational skills that are helpful to individuals wanting to start a career in cybersecurity. Cybersecurity jobs have largely remained unaffected by the pandemic and we continue to have a significant shortage of qualified talent, so I wouldn’t be surprised if many people are trying to acquire such skills in the hopes of becoming gainfully employed as a cybersecurity practitioner.”

Online hacker communities experiencing increased traffic

Apart from analyzing Google Trends data, we also used SimilarWeb’s Traffic Overview feature to look at rough estimations of traffic coming to popular online hacker communities.

What we saw confirmed our suspicions: while visits to several popular hacker websites and forums were down by 15%-23% from January to February, March traffic was up by 8%-66%. That said, April saw fewer spikes as traffic stabilized, with some websites experiencing decreases in traffic compared to March. However, the gains from February were still maintained on most websites in April.

The noticeable upticks for most popular websites roughly correlate with the unprecedented spikes in searches on Google Trends. While correlation does not necessarily imply causation, increases in criminal activities often tend to go hand in hand with worsening economic conditions [pdf].

Portrait of a would-be cybercriminal

Even though we’d like to think that most of us wouldn’t commit cybercrime, the upticks in searches and hacker website traffic suggest that many are at least considering it. But where do they come from? Are Americans just as likely to turn to cybercrime as people in India or Japan?

Cybercriminals typically come from economically disadvantaged countries and regions where legislation related to cybercrime is either not enacted or not consistently enforced. At the same time, worldwide GDP per capita is predicted to fall off a cliff across 170 countries as unemployment continues to skyrocket due to the sudden economic stop forced by the coronavirus.

This can make talented people with programming or other tech skills in developing countries have even fewer opportunities for gainful employment than they currently have. This might be the reason behind the fact that, while the spikes in cybercrime-related searches are being observed in most countries, most of the increase comes from nations with poorer or less stable economies, such as Bangladesh, India, Pakistan, and Nigeria.

What now and what’s next?

As interest in cybercrime continues to climb in the midst of the coronavirus pandemic, the ranks of newly minted cybercriminals will continue to grow. While it’s probably too early to tell if these interest spikes are causing a surge in actual cybercrime statistics, we have almost no doubt they will have at least some effect on year-end cybercrime reports.

Mounir Hahad, head of the Juniper Threat Labs at Juniper Networks, asserts that “remote working and remote business interactions will identify new opportunities for organizations to reassess their business continuity plans and network security processes. As always, businesses must continue to address the ways employees connect to the network and how to deploy technology to enable and protect those connections. In retrospect, today’s work from home conditions may turn out to be a silver lining for organizations, as it forces them to reinforce their security posture for the foreseeable future.”

On the other hand, Murali Palanisamy, Chief Solutions Officer at appviewX, argues that “the number of cybercrimes in general should not increase by a drastic amount due to the simple fact that enterprises are wising up – they’ve recognized the importance of cybersecurity in this new world, and are optimizing IT budgets to accommodate the acquisition and maintenance of robust security systems.”

Evgen Verzun, founder of HyperSphere.ai, adds that “the vast majority of those search queries become the first and the last step for most people, when they realize how different cybercrime is from what they see on TV or hear in the news, how much really goes into it.In reality it often doesn’t have that ‘cool’ factor that people pick up on.”

Although expert opinion on the effect of such unprecedented interest in cybercrime seems to differ, detecting such spikes can serve as an early warning system for cybersecurity professionals to begin improving their defense strategies. 

This is particularly relevant in a time when buying and owning malware is easier than ever, as we outlined in our latest research report on malware markets. And when so much more people express their interest in becoming a cybercriminal, neither businesses nor individuals should stay reactive when it comes to cybersecurity, no matter what percentage of those interested become actual blackhats. It’s time to take a more proactive approach. 

At the end of the day, being better prepared now should mean less cybercrime in the future.