
COVID-19 Pandemic Spurs Cyber Attacks

WHO reports fivefold increase in cyber attacks, GCC recorded 1,737 spam emails, Google tracked 18 million daily malware and phishing emails.

Ashok Pandey

Cyber attacks are constantly evolving: cybercriminals target computers and other devices to take advantage of online behaviour and trends. The COVID-19 outbreak is no exception. It has caused global disruption and has also changed the cybersecurity threat landscape.


There has been an increase in the number of cybercrimes since professionals were asked to work from home. The national cybersecurity agency CERT-In stated that “Cybercriminals are exploiting the COVID-19 outbreak as an opportunity”.

Attacks broadly fall under four categories: phishing, injecting malware/ransomware, peddling things of dubious utility, and malicious targeting of people/communities.

WHO reports a fivefold increase in cyber attacks. Last week it reported that some 450 active WHO email addresses and passwords were leaked online, along with thousands belonging to others working on the novel coronavirus response. The number of cyberattacks is now more than five times the number directed at the Organization in the same period last year.


“Ensuring the security of health information for Member States and the privacy of users interacting with us is a priority for WHO at all times, but also particularly during the COVID-19 pandemic. We are grateful for the alerts we receive from Member States and the private sector. We are all in this fight together,” said Bernardo Mariano, WHO’s Chief Information Officer.

The surge of spam

Sophos measured a significant percentage of the spam traffic by early March.


Spam campaigns detected by Sophos

• A sextortion scheme threatening to infect the target’s family with COVID-19 if they didn’t pay.

• A scam purporting to be a fundraising plea from the World Health Organization, asking for donations in Bitcoin to fund COVID-19 research.


• Messages purportedly from WHO, but carrying documents with dropper malware.


• Marketing for “emergency supplies,” including filter masks.


• A sales pitch for a $37 video download, purporting to offer insider information from a “military source” on how to survive Coronavirus


• COVID-19 related extortion scams detected and blocked by Sophos


Trend Micro recorded more than 48,000 hits on malicious URLs and detected 737 malware threats. URL attacks increased 260x and email spam attacks increased 220x from February 2020 to March 2020.

Debasish Mukherjee, VP, Regional Sales APAC, SonicWall


We are seeing a spike in the number of ransomware, phishing attacks through malicious links and apps to hack devices and steal data. We are also witnessing ‘Back to school’ ransomware attacks which are heavily targeting K-12 and academic institutions for higher learning.

As the global workforce shifts to work-from-home deployments, organizations are operationalizing a much larger group of remote users, making virtual private networks (VPNs) more critical than ever before. In fact, SonicWall has seen a 1,766% increase in VPN-SSL customers quarter-to-date.

Hackers and cyber scammers are taking advantage of the coronavirus disease (COVID-19) pandemic and sending fraudulent email and WhatsApp messages to trick people into clicking on malicious links or opening attachments. Once the user clicks on the link, it can reveal their user name and password, which can be used to steal money or sensitive information.

Trishneet Arora, Founder & CEO, TAC Security

Most companies are working remotely today, which has increased the susceptibility to cyber attacks and the theft of sensitive data. The hackers are sending unsafe links to people that can lead to the theft of sensitive data. In the current scenario, the role of cybersecurity has become a more sensitive matter; the layer of security on home Wi-Fi systems is low.

Cybercriminals are taking more advantage of capitalism and access data which otherwise is secure. Nowadays, small business & medical sector are most vulnerable to cyber-attacks. Therefore, there is a need to make the cybersecurity industry more dynamic and responsive than ever before.

Yes, we have seen that cybercriminals are adopting different types of tactics, due to which digital fraud is increasing rapidly. Similar to what Lt Gen. Pant of NCSC said, a huge number of fraud portals related to Corona Virus have been created across the globe by cybercriminals.

Additionally, people are receiving fake infected maps that also require the users to download the software and follow the steps, which is a concern for the data security of people. Also, individuals are receiving unknown calls from fraud call centres asking them to share their personal bank details to increase their limits; on the other side, many people are getting fake messages and links as well.

In a blog post, Google stated that the company detected over 18 million daily malware and phishing emails related to Covid-19 on its platform. “Every day, Gmail blocks more than 100 million phishing emails. During the last week, we saw 18 million daily malware and phishing emails related to Covid-19. This is in addition to more than 240 million COVID-related daily spam messages,” the post read.

Spam campaigns detected by Symantec

Symantec came across dozens of new malicious email campaigns. The scammers have employed a range of tactics in a bid to evade detection, including various email templates, “From” addresses, IP addresses, and URL domains.

Rohan Vaidya, Regional Director of Sales - India, CyberArk

When critical situations arise that prey on human concerns, there are often added cyber risks in the form of bad actors trying to capitalise on people’s fears. The current global health crisis is no different, with the WHO warning of hackers launching carefully coordinated phishing emails purporting to offer updates on the situation. In the Czech Republic, reports also indicate that hackers are targeting hospitals fighting the outbreak with ransomware attacks, showing the lengths hackers will go to in pursuit of monetary gain.

Symantec analysed the email campaigns. Earlier, they were dominated by phishing and MalSpam (malware-bearing) emails; later on, snowshoe spam took over as the most common form of campaign, accounting for more than 40 per cent of all emails blocked by Symantec. This was followed by phishing (30 per cent), MalSpam (18 per cent), and scams (9 per cent).

There was a sharp uptick in the number of malicious emails blocked by Symantec on March 16, with a surge of spam runs focused around selling face masks, medical equipment, immunity oil, and other products related to COVID-19 virus outbreak.

• CDC phishing emails: Phishing email purporting to come from the U.S. Centers for Disease Control and Prevention (CDC)


The email was crafted to appear as a message from the U.S. Centers for Disease Control and Prevention (CDC). To get the recipient to click, the link text appears to be “cdcinfo.gov”, but the link takes the user to a malicious URL.

Surendra Singh, Senior Director & Country Manager, Forcepoint

Opportunism is the hallmark of cybercriminals. They constantly hone their tactics of orchestrating cyber-attacks. Whether it is cyber criminals, scammers, or opportunists, the current situation has proven to be the perfect time for them to target users in a variety of ways. These include phishing, business email compromise (BEC), malware, ransomware, fake websites, domain squatting, and spam.

Unsurprisingly, when it comes to malicious activity, we have seen a rise in unwanted emails (malicious, spam, or phishing) containing embedded URLs using the keywords of COVID or Coronavirus. Malicious coronavirus-themed emails try to instill a sense of urgency in end users, encouraging them to undertake tasks such as submit personal data or reset company passwords.

Even, many new websites – both malicious and legitimate – were registered in March and early April with COVID or Coronavirus-themed domains. There were many spikes in browsing activity, one of which can be explained by an interest in a legitimate Indian Covid-19 tracking site that correlated with an order prescribing lockdown in the country.

Whether employees are using work-issued laptops or accessing files from their home computers, we must be vigilant and double-check any requests which seemingly come from official sources.

• Phishing email disguised as funding proposal: The phishing campaign used a short template to masquerade as a legitimate business email.


The email urges the recipient to review coronavirus funding proposals, with “Access to View File” hyperlinking to an online document. When the viewer clicks on the link, it asks for their credentials.

Diwakar Dayal, Managing Director at Tenable, India

Cybercriminals have taken advantage of the health crisis to target users in a variety of ways, including leveraging it in malicious emails to phish users and spread digital viruses.

The tactic of using current affairs to make scams more relevant isn’t new. We’ve seen similar types of scams associated with natural disasters and popular global events in the past. This pandemic has once again provided cybercriminals with another route to peddle their malware and steal login credentials by playing on people’s fears.

As more employees in India work from home, they need to be mindful that clicking on phishing emails from their personal devices can introduce new threats and put the wider corporate network at risk.

• Advance fee fraud scam: One example of a COVID-19 themed scam campaign seen by Symantec is an email pretending to come from the World Health Organization (WHO) and appears to be a classic example of advance fee fraud.


• COVID-19 themed extortion attempt: In this scam campaign, the sender claims to be a neighbour of the recipient who has been diagnosed with COVID-19. The sender threatens to infect the recipient’s home unless they are paid.

Prashanth G J, CEO, TechnoBind

The current pandemic situation has created a perfect storm for cybercriminals to capitalize on the latest trends to try and boost the success rates of attacks. Malware and cybersecurity attacks have been hitting all over and, due to increased hacker activity, phishing attempts have gone up by three times.

It has been noticed that the FBI's Internet Crime Complaint Center (IC3) has received and reviewed more than 1,200 complaints related to COVID-19 scams, and one of the major threats observed in India was AZORult — a malware designed to steal information including credentials and take data from your computer including passwords and cryptographic forms of money. This malware was first discovered in 2016 but was recently linked with malicious files and apps belonging to the COVID-19 theme.

• Surgical mask spam: Another spam campaign claimed to come from a surgical mask supplier in China, asking the receiver to purchase from them and then sell.

Recently, Trend Micro Research analyzed coronavirus-themed malware. This malware overwrites the system’s master boot record (MBR), making the system unbootable, and has "Coronavirus Installer" in the description.

Trend Micro Research analyzed coronavirus-themed malware

Romana Linkeova, Malware Researcher, Avast

From what we can see, fake shops are the most common type of scam, selling discounted medical equipment, like face masks or hand sanitizer. Some are even claiming to sell treatments or at home COVID-19 tests. Anyone, including scammers, can set up a shop online under almost any name. Some online sellers falsely claim to have in-demand products, like cleaning, household, and health and medical supplies. But when you place an order, you never receive the goods.

Websites often offer “medications” that supposedly can prevent one from getting sick or miraculously help an infected person recover. This ‘cure’ can take the form of pills, drinks, powders, and more, but cannot actually cure anyone from the virus, and just rip people off.

Scammers are including “World Health Organization (WHO)” in their fraudulent schemes. Most scams including references to WHO are circulating as emails, but there are also rogue websites, as well as text messages. Many of these scams request detailed information and/or money from individuals, businesses, or non-profit organizations with the promise that they will receive funds or other benefits in return. Others ask for donations to support the treatment of sick patients or registration fees for conferences allegedly sponsored by WHO. Another type of scam proposes employment opportunities with WHO. These scams try to be more convincing by including the WHO logo, and originate from email addresses made to look like the message came from WHO or the United Nations.

Scammers are also targeting victims by sending out text messages appearing to be sent from a legitimate company or organization. These messages typically include a link taking the potential victim to a site that may look real, but in reality is just a simple web page designed to gather personal information like credit card details, login credentials, and even home addresses.

When the malware is executed, the infected PC restarts automatically and then displays a virus-themed window that cannot be closed. Clicking any button, including Help and Remove virus, does nothing.


Trend Micro Research also analyzed a Covid-19 themed malicious HTA file based on the command and control infrastructure. This HTA file contained a pop-up PDF lure displaying clickbait titles and images of the Pakistan army. It was connected with the following malicious URLs:

• hxxp<://www.d01fa<.net/plugins/16364/11542/true/true/

• hxxp<://www.d01fa<.net/cgi/8ee4d36866/16364/11542/58a3a04b/file.hta

• hxxps<://cloud-apt<.net/202/6eX0Z6GW9pNVk25yO0x7DqKJzaNm6LIRaR0GCukX/16364/11542/2a441439

Anil Bhasin, regional vice president, India & SAARC, Palo Alto Networks

Cybercriminals have been exploiting fears of the people around the COVID-19 outbreak to find ways to hack their digital space and the most common and widely seen crime is by conducting email scams, phishing and ransomware attacks. These emails and messages entice users to open malicious attachments by offering more information related to the COVID-19 situation but contain malicious files masked under the guise of links, pdf, mp4 or Docx files.

During this global pandemic, our dependence on home internet has increased manifold as employees have set up virtual offices at home. This scenario has proven to be a golden opportunity for cybercriminals.
