Exploiting the Crisis: how cybercriminals use security incidents to spread malware

Cybercriminals operate continuously, relentlessly, and use every resource at their disposal to achieve their goals. The COVID-19 pandemic served as a clear example of how these malicious actors exploit crises. This period saw multiple fraudulent tactics, such as fake donation campaigns designed to divert funds, emails purporting to contain critical information but actually leading to malicious links, and ransomware attacks targeting hospitals and healthcare facilities. These attacks not only put the financial security of victims at risk, but also the integrity of healthcare systems at a crucial time.

Windows blue screen

This was not the first incident, nor will it be the last. A recent example of cybercriminals taking advantage of the chaos generated by an incident is the case of CrowdStrike and Microsoft in July 2024. Amid the confusion, an unknown threat actor launched a sophisticated spear-phishing campaign specifically targeting German users on 24 July 2024. The emails, written in German, contained links leading to spoofed domains, some created using a technique known as ‘typosquatting’, which attempts to confuse the user with domain names that closely resemble the official CrowdStrike domain. These links directed the user to download malware-infected installers masquerading as legitimate applications from the security company.
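The lookalike-domain trick described above can be caught on the defender's side by comparing every domain seen in DNS or proxy logs against the brand's real domain. The following is an added example, not code from the original article or from any vendor: the brand name, the thresholds, the homoglyph table and every sample domain are constructed for illustration and are not indicators from the 2024 campaign.

```python
"""Triage domains that merely resemble a brand's real domain (typosquat / lookalike check).
Added example: brand, thresholds and all sample domains are constructed, not real indicators."""

# Look-alike characters attackers substitute for letters; undone before comparison.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a"})


def normalise(label: str) -> str:
    """Lower-case a DNS label and undo common homoglyph tricks (heuristic, not exhaustive)."""
    return label.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the classic two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Second-level label, e.g. 'crowdstrike' for 'www.crowdstrike.com'. Assumes a
    one-label public suffix (no Public Suffix List lookup, to keep the example short)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(domain: str, brand: str = "crowdstrike",
             legit: tuple[str, ...] = ("crowdstrike.com",), max_distance: int = 2) -> str:
    """Return 'legitimate', 'brand-lookalike', 'brand-combo', 'typosquat' or 'unrelated'."""
    d = domain.lower().rstrip(".")
    if any(d == l or d.endswith("." + l) for l in legit):
        return "legitimate"                      # the real domain or one of its subdomains
    label, target = normalise(registrable_label(d)), normalise(brand)
    if label == target:
        return "brand-lookalike"                 # homoglyphs (cr0wdstrike) or a foreign TLD
    if target in label:
        return "brand-combo"                     # brand plus a lure word: crowdstrike-support
    if edit_distance(label, target) <= max_distance:
        return "typosquat"                       # one or two typos away: crowdstrke
    return "unrelated"


def triage(domains: list[str]) -> dict[str, str]:
    """Map each observed domain (e.g. from DNS logs) to a verdict; legitimate ones are dropped."""
    return {d: v for d in domains if (v := classify(d)) != "legitimate"}


if __name__ == "__main__":  # constructed sample log entries, not real indicators
    sample = ["www.crowdstrike.com", "cr0wdstrike.net", "crowdstrike-support.example",
              "crowdstrke.com", "example.org"]
    for dom, verdict in triage(sample).items():
        print(f"{dom:30} {verdict}")
```

Verdicts other than `unrelated` are candidates for blocking at the proxy or for a closer look, not proof of malice on their own: the homoglyph table and the distance threshold are deliberately coarse and will also flag benign names.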

Akamai, a company specialising in web security and infrastructure, identified at least 180 fake domains created for this purpose, purporting to offer technical support, quick fixes or legal assistance, but whose real purpose was to introduce malware or steal confidential information.

This incident highlights the importance of maintaining a strong cyber security posture and being prepared to respond to attacks that exploit emergency situations. For organisations, the lesson is clear: it is not only critical to be protected against technical failures, but also to anticipate and be prepared for the opportunistic threats that will inevitably emerge during times of vulnerability.