Northdoor comment:
Cybercrime high on charity sector priorities as it is hit for over £3.6m since March – and yet has become the recipient of cybercrime gains
The Charity Commission has recently highlighted that charities have reported being the victim of fraud or cybercrime 645 times since the start of the pandemic in March. This has resulted in over £3.6 million in total losses to charities, although the true scale of fraud is believed to be much higher as this is known to be underreported.
The Chief Executive of the Charity Commission, Helen Stephenson has urged “all trustees to take action now, to protect their charity’s valuable funds and assets”. Of course, unlike other sectors, any money taken from charities by criminals is not simply taking it from the bottom line, but away from some of the most vulnerable people in our society.
Taking advantage of the pandemic
The impact of the pandemic on the charity sector has been huge. The increase in remote working, virtual activities and sign-off processes all outside of the corporate network, has meant that criminals have seen an opportunity to target a particularly vulnerable sector.
The growing menace of ransomware particularly is seen as a real threat to the sector. An example of a ransomware attack was the Blackbaud cyber-attack earlier this year, which saw US software provider Blackbaud (one of the biggest providers of fundraising, financial management and supported management software in the UK), breached. At least 30 charities had some data stolen as a result, putting finances and the personal information of supporters at risk.
Sophisticated approaches mean charities have to up defences
With criminals using increasingly sophisticated approaches, particularly in ransomware attacks – and with colleagues becoming more vulnerable by working outside of their usual environments it is crucial that charities continue to boost their cyber defences, educate staff as to what the latest threats look like and ensure that their data is as protected as much possible.
£3.6 million has already been taken from charities at a time where they need every penny. It says everything about these criminals that they are targeting charities at this time and highlights how seriously cyber security needs to be taken within the sector.
Robin Hood criminals?
Criminals are deliberately targeting charities at this particularly vulnerable time. However, recent news has also seen a remarkable turn of events. A relatively new hacker group called Darkside, have donated receipts for $10,000 in Bitcoin to two US-based charities. This strange and rather troubling event has shocked many and could cause real issues for the charities involved.
Whether this is a case of guilty conscious, the mockery of the sector – or some other malicious plan is unclear. What is clear is that the charities (Children International and The Water Project) that have received the funds now find themselves in a very difficult situation. That amount of money will undoubtedly make a huge impact on their work (although, in comparison with the huge sums involved in many ransomware attacks, it is just a drop in the ocean). However, any money from criminal activity goes against many charity regulations and could actually be seen as money laundering.
Rather than being a Robin Hood like act, this is more likely to be a further demonstration of ransomware criminals becoming increasingly aware of their profile. This is much more reflective of a PR campaign highlighting their ability to secure high-profile media coverage – therefore, acting not as a good deed but as proof to their future victims that their threats of going public with stolen data are very real, with access to the world’s media.
We have seen recent ransomware attacks being responsible for the death of at least one person in Germany, numerous hospitals and medical research centres being attacked and causing the loss of hundreds of jobs as companies suffer the huge consequences of being attacked. This should in no way be seen as a generous act but rather an acceleration of new threats from manipulative criminals.
It should act as a warning to the charity sector to take steps to protect against ransomware and begin to understand the type of criminals that are potentially targeting them.