Hackers and cybercriminals are not missing a beat during the coronavirus pandemic.
In Italy, the government is issuing relief payments to citizens (about $650). They are receiving claims through a social security website. There is a huge volume of legitimate traffic on the website–they have received an average of 100 claims per second. In the midst of this, the site has been under DDoS attacks. Because of the volume of legitimate traffic, it does not take a large botnet to successfully carry out a DDoS attack. The website was forced down on April 2nd.
In the U.S., we are seeing the first wave of stimulus checks going out. The IRS is using tax information to direct deposit the funds into citizen accounts using account information from tax returns. This is a problem for citizens who do not file taxes. For these citizens, the IRS is launching a website to gather bank account information to deposit relief funds into. It is unclear how effective this process will be in verifying identities before disbursing funds. Krebs reports that it looks like all that is needed is name, address, DOB, and SSN. This is all information that is regularly bought and sold on the dark web.
Cybersecurity Weekly 