According to a recent poll of economists conducted by The Wall Street Journal, the possibility of a recession currently lies at 61%. At the very least, inflation rates have been putting significant pressure on consumers as their purchasing power diminishes. In the US specifically, our rates have stood well-above the targeted 2%, at 7% and 6.5% in 2021 and 2022, respectively.
Whether in an opportunistic bid to slim down workforces, or in a genuine attempt to survive the approaching storm, we have witnessed a stream of layoffs and hiring freezes across industries of late; though the tech industry has been particularly hard-hit. Google, for instance, announced in January 2023 that it would be cutting 12,000 jobs, following similar news from Amazon and Salesforce, to Goldman Sachs and Bed Bath & Beyond.
This economic turmoil and its uncertainties will no doubt have knock-on effects, not only across legitimate markets, but in the cybercriminal underworld as well. In fact, we can anticipate its impact to materialize on three fronts: a general rise in criminal activity, unlikely actors turning to cybercrime, and cybercriminals turning the tables on their peers.
Rise in cybercriminal activity
Perhaps the most evident repercussion will be an acceleration of cybercrime generally. As history has demonstrated time and again, during times of uncertainty, threat actors come out of the woodwork. Emotions, be they fear, anxiety, or stress, run high, creating the ideal environment for social engineering attacks. By pushing on the right buttons and injecting a touch of urgency, criminals can easily convince victims to share sensitive information or take other actions against their best interest.
Consider all those in ‘employment limbo’, who may jump eagerly at a job offer that is just a little too good to be true. For example, CNBC recounted the case of a young woman in September 2022 who fell for a job offer that quickly turned sour. After recently being hired for a marketing job, her new employer requested that she buy her own laptop and work phone from the company’s portal. It wasn’t long before it became clear that neither the job nor the portal was real, but a scam to siphon funds. This is certainly not uncommon now as fake, and increasingly sophisticated, job listings become more common on the web.
We will likely continue to see a surge in fraud as well, particularly surrounding unemployment benefits—an unfortunate fact, considering that the US Department of Labor estimates that as much as $45.6 billion worth of pandemic unemployment benefits have already been lost to fraudsters between March 2020 and April 2022.
In this respect, we advise that individuals bolster their cybersecurity best practices to protect themselves. This includes not just using unique and complex passwords across accounts, but more importantly, enabling multi-factor authentication. Individuals should also take a minute to assess their correspondence, being careful to act on any emails, calls or texts only when they have verified who they are interacting with. It is also worth proactively registering your Social Security account for such benefits, even if you’re not expecting to file anytime soon, because criminals may just register on your behalf and steal any payments.
Innocents turning to cybercrime
Conversely, we may see ordinary citizens become the perpetrators of cybercrime themselves as they seek an alternative means to earn money. Across the pond in the UK, a study by International Cyber Expo even found that 40% of parents believe children will turn to cybercrime because of a lack of money during the cost of living crisis. Unfortunately this is not an implausible claim, as cybercriminal technologies become commoditized. Phishing kits, malware kits, ransomware-as-a-service – cybercrime can be easily outsourced or made into a simple step-by-step process, thus lowering the barrier to entry.
The advent of easily-accessible AI tools will likely further exacerbate this trend. Indeed, the much-ballyhooed ChatGPT has already created quite a stir among the cybersecurity community. As CheckPoint has found, the technology can and is being used to craft highly convincing phishing emails and malware code itself. Additionally, other AI tools may give way to deep fake vishing messages and more.
Cybercriminals scam the scammers
Meanwhile, we might also see cybercriminals increasingly turn on each other. Like any legitimate business, criminal enterprises also have an interest in maintaining market share and customer satisfaction to remain operational. Many underground organizations have departments specifically for customer service, tech support, and other functions common in legitimate organizations. Be that as it may, there are cybercriminal sellers that significantly underdeliver on their promised data, goods and/or services, fail to deliver them altogether, or even steal from their customers with backdoor malware. Indeed, in February 2022, JFrog discovered that some malicious npm packages used by threat actors to manipulate Discord accounts had been hijacked by other malware authors to steal their stolen tokens. Equally, a buyer may scam the seller by refusing to pay or blackmail them. According to Sophos, cybercriminals have lost more than $2.5 million in 2022 alone to scams across just three prominent cybercrime forums. It has become such an issue that many such forums now host arbitration rooms where users can raise complaints and seek redress.
We often imagine cybercriminals to be mysterious figures behind a computer screen, with the well-worn cliche of hoodies and black gloves. But the people behind those portrayals are human and will no doubt be impacted by the recession. As funds tighten, many will become desperate and turn to crime; there is no reason to believe this will not apply to the criminal underworld as well.
Whether predictions of an approaching recession are accurate or not, the fear and uncertainty surrounding the question are already creating a ripple effect on cybercrime. However, one thing is for certain: a robust and healthy cybersecurity industry is more necessary than ever.
