Cybercrime and COVID-19: A Perfect Storm

By Ketan Kapadia
UpdatesCybercrime

Cybercrime surged during COVID-19, exposing the limits of password-based security. Learn how passwordless authentication stops attacks before they begin.

Cybercrime and COVID-19: A Perfect Storm

By Ketan Kapadia

How did COVID-19 accelerate cybercrime?

The COVID-19 pandemic created a massive surge in remote work and digital activity, exposing weak points in organizational security. Cybercriminals exploited this disruption, launching sophisticated phishing, ransomware, and credential-theft attacks at an unprecedented scale. The result was a dramatic rise in cybercrime globally—powered by stolen passwords and human vulnerability.

TL;DR

Cybercrime spiked during the pandemic, with phishing, ransomware, and credential theft targeting overwhelmed users and newly remote systems. The solution? Replace outdated credential-based access with passwordless authentication that scales securely and eliminates the biggest vulnerability: the password.

The COVID-19 Cybercrime Surge

The shift to remote work and digital dependency during COVID-19 led to a sharp rise in attacks targeting insecure access points and user behavior. Key stats from the height of the pandemic:

  • 📈 Phishing increased by 667% between January and March 2020
  • 🕵️‍♂️ 25,000+ credentials from health orgs like WHO and CDC were leaked and weaponized
  • 💥 Over 500,000 Zoom accounts were posted on the dark web
  • 💸 Ransomware payouts rose 33%, with attacks up 49% over baseline
  • 🌐 70% rise in remote work increased the attack surface significantly
  • 🇺🇸🇨🇦 $13.2 million+ in fraud losses reported in North America alone

Cybercriminals didn't evolve overnight—but they didn’t need to. Weak passwords, confused users, and outdated login methods made access easy.

Why People Are Still the Weakest Link

Blaming users for security failures doesn’t solve the problem. Password reuse, weak credentials, and insecure authentication flows are design failures, not human ones.

Most people:

  • Can’t manage 90+ unique logins
  • Use predictable or repeated passwords
  • Fall for phishing scams when under pressure or distraction
  • Receive little training or support

The solution is not more rules. It's better design—and that means eliminating passwords altogether.

A Better Way Forward: Passwordless Authentication

Passwordless systems verify identity using biometric factors, digital signatures, and real-time context. This dramatically reduces the risk of credential-based attacks.

Key benefits:

  • 🛡️ No password reuse = no password theft
  • 📲 Easier, faster login = better user experience
  • 🔐 Resistant to phishing, brute force, and MFA fatigue attacks
  • ⚙️ Compatible with identity standards like SAML, OIDC, and REST APIs

Where to Start with Passwordless Security

You don’t need to overhaul everything at once. Start with high-risk or high-value access points:

1. Customer Identity and Authentication

Protect your most important business touchpoints—login flows for e-commerce, finance, healthcare, and online services—where credential theft leads directly to fraud and revenue loss.

2. Remote Access: VPN and Virtual Desktops

Remove static credentials from your remote workforce. This shrinks the attack surface and prevents lateral movement after initial access.

3. IT Support Efficiency

Password resets are one of the top support burdens. Going passwordless can eliminate up to 50% of help desk tickets related to access issues (source: Gartner).

BlokSec’s Role in Stopping Credential-Based Attacks

BlokSec’s Immutable Authentication™ provides passwordless, phishing-resistant access for employees, customers, and business partners. Our tri-factor model:

  • Verifies identity without shared secrets
  • Delivers contextual transaction awareness
  • Scales across environments with native support for SAML, OIDC, and REST APIs

It’s simple to implement and powerful enough to secure the post-pandemic enterprise.

Final Thought

COVID-19 revealed how fragile the status quo really was. The explosion in cybercrime was not a fluke—it was a wake-up call. Organizations must now move beyond credential-based security to truly protect themselves, their users, and their future.

Passwordless authentication isn’t just more secure—it’s more usable, scalable, and ready for the new normal.

FAQ: COVID-19 and Cybersecurity

Why did cybercrime increase during the pandemic?

Remote work and digital reliance expanded the attack surface, while users were more distracted and overwhelmed—making phishing and credential theft easier.

What role did passwords play?

Passwords were the weakest link. Phishing and credential stuffing allowed attackers to exploit reused or weak credentials at scale.

How does passwordless authentication help?

It removes passwords entirely, replacing them with device-bound biometrics and cryptographic authentication that can’t be phished or reused.

Is it hard to implement?

No. Modern platforms like BlokSec integrate easily with enterprise apps, support SAML/OIDC, and can be deployed incrementally.