
Defending the Enterprise from COVID-19

By: Shomiron Das Gupta

Over the past few months, the world has been witnessing a crisis due to the COVID-19 pandemic. The novel coronavirus has spread its wings and is creating panic everywhere. Cybercriminals are taking advantage of this pandemic and launching cyberattacks on networks. Malware and phishing attacks are taking place worldwide, adding to the panic and despair of victims.

A major advantage for hackers with malicious intent is that employees are working remotely. It is a known fact that home Wi-Fi networks are easier to target compared to secure office infrastructures.

There has been a global increase in the number of phishing emails since February 2020. The overall risk of cyberattacks has never been higher, since a lot of time is spent online. Hackers are making a serious attempt to attack networks while the world is busy fighting the COVID-19 virus.

The virus is being used in email spam, malware, ransomware, and malicious domains. Recently, there has been a rise in the number of emails received with information relating to the virus. In other cases, hackers are impersonating organizations such as the World Health Organization to scam individuals and enterprises.

In these times, it is extremely important to remain cautious and identify a threat before it materializes.

Recent case studies:

  • A major threat seen in India is AZORult, malware that stole important information and credentials. It was linked with malicious applications themed around the virus.
  • Mobile ransomware named CovidLock is a malicious Android app that supposedly helps track cases of the virus. However, the ransomware locked the phones of victims and gave them 48 hours to pay USD100 in bitcoin to regain access to their phones. Threats included deletion of data stored in the phone and leak of social media account details.
  • Another cyberattack was found propagating a fake COVID-19 information app from the World Health Organization. This involved hacking the domain name system that prompted web browsers to display alerts from their app.
  • In another instance, the web browsers of users opened automatically and displayed a message to download a ‘COVID-19 Inform App’. Once downloaded, it installed the Oski Info Stealer on the device, which attempted to steal browser history, payment information, saved login credentials, and much more.
  • Malware is also spreading through a COVID-19 tracking m This malicious Android application contains spyware that gains access to all your data. It steals information from users including passwords, credit card numbers and other important data stored in the browser.
  • In India, fake information, fake letters and fake government alerts are adding to the hysteria. While India is going through a lock-down, there has been a considerable rise in the spread of fake news on Facebook and WhatsApp.

Types of threats:

  1. Spam:

Many emails sent to the public under the guise of official organizations, claiming to contain an update on the virus, are in fact spam emails with malicious attachments. They can also be related to shipping confirmations and updates.

Here are some measures you can take to avoid being the victim:

  1. Check the sender’s email address. Does it match the contact name?
  2. Try not to tap or click on any links provided in the email.
  3. If you are unfamiliar with the source, do not download any attachments.
  4. Use a different medium to verify the information.
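The first check in the list above can be automated at the mail gateway. The sketch below is an added example, not code from the article; the `KNOWN_SENDERS` mapping and the sample headers in the test are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: organisations your users expect mail from, mapped to the
# domains that legitimately send for them. Maintain this per organisation.
KNOWN_SENDERS = {
    "world health organization": {"who.int"},
    "who": {"who.int"},
}

def sender_mismatch(from_header):
    """Return a reason string when the display name and address disagree, else None."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable sender address"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    name_l = " ".join(name.lower().split())
    for brand, domains in KNOWN_SENDERS.items():
        # Multi-word brands match as a phrase, single words as whole tokens,
        # so "who" does not fire on "whole" or "whose".
        claimed = brand in name_l if " " in brand else brand in name_l.split()
        if not claimed:
            continue
        if not any(domain == d or domain.endswith("." + d) for d in domains):
            return f"display name claims '{brand}' but mail is from {domain}"
    # A display name that is itself an email address, different from the real
    # one, is a common way to hide the true sender in mail clients.
    if "@" in name and addr.lower() not in name.lower():
        return "display name embeds a different email address"
    return None
```

A non-None result is a reason to quarantine or tag the message for review, not proof of phishing.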

 

  2. Websites:

In the last few months, thousands of domains have been registered with words such as ‘corona’, ‘virus’ and ‘covid’, some of which are created with malicious intent.

Here are some of these websites:

  1. byebyecoronavirus[.]com
  2. beatingcoronavirus[.]com
  3. corona-emergency[.]com
  4. coronadetection[.]com
  5. corona-crisis[.]com
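Defenders can screen DNS resolver logs for both the listed domains and the keyword pattern described above. This is an added example, not part of the original article; the log format, client addresses, the `.example` hostnames and the allowlist are constructed assumptions.

```python
# Keywords the article names as common in pandemic-themed registrations.
KEYWORDS = ("corona", "virus", "covid")
# Assumption: domains your organisation has verified as official sources.
ALLOWLIST = {"who.int"}
# Two of the defanged indicators listed in the article.
WATCHLIST = ["corona-emergency[.]com", "coronadetection[.]com"]

def refang(indicator):
    """Turn a defanged indicator such as 'name[.]com' into a plain hostname."""
    return indicator.replace("[.]", ".").lower().strip(".")

def is_allowed(host):
    return any(host == d or host.endswith("." + d) for d in ALLOWLIST)

def screen_queries(log_lines, watchlist=()):
    """Return (client, host, reason) for DNS queries that deserve a look.

    Assumed log format: '<timestamp> <client-ip> <queried-name>'.
    """
    watch = {refang(w) for w in watchlist}
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guessing
        client, host = parts[1], parts[2].lower().rstrip(".")
        if is_allowed(host):
            continue
        if host in watch or any(host.endswith("." + w) for w in watch):
            hits.append((client, host, "watchlist"))
        elif any(k in host for k in KEYWORDS):
            hits.append((client, host, "keyword"))
    return hits

SAMPLE_LOG = [  # constructed log lines
    f"2020-04-02T09:14:03Z 10.0.4.17 {refang(WATCHLIST[0])}.",
    "2020-04-02T09:14:09Z 10.0.4.22 www.who.int.",
    "2020-04-02T09:15:41Z 10.0.4.17 covid-relief-portal.example.",
    "2020-04-02T09:16:00Z 10.0.4.30 intranet.corp.example.",
]
```

Keyword hits are leads for an analyst, since only some of these domains are malicious; watchlist hits warrant immediate follow-up on the client.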

 

  3. Business email compromise (BEC):

This threat targets the accounts receivable of enterprises and then uses customer information to inform customers of a change in bank and payment procedures because of the virus.

 

  4. Malware, Trojans, and ransomware:

Victims unknowingly download various attachments from email accounts and websites that lead to a network compromise. Such malware goes beyond encryption and also steals sensitive information.

Examples of such file attachments include:

  1. AWARENESS NOTICE ON CORONAVIRUS COVID-19 DOCUMENT_pdf.exe
  2. Coronavirus COVID-19 upadte.xlsx
  3. CORONA VIRUS1.uue
  4. CORONA VIRUS AFFECTED CREW AND VESSEL.xlsm
  5. ZIP
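The attachment names above show patterns a mail filter can triage by name alone: an executable posing as a document, macro-enabled Office files, and unusual containers. The following is an added example, not from the article; the extension sets and reason labels are assumptions to adapt to your own policy.

```python
import os

# Assumption: extension policy sets; extend them to match your environment.
EXECUTABLE = {".exe", ".scr", ".com", ".bat", ".js", ".vbs"}
MACRO_OFFICE = {".xlsm", ".docm", ".pptm"}
UNUSUAL_CONTAINER = {".uue", ".ace", ".iso", ".img"}
DOC_HINTS = ("pdf", "doc", "docx", "xls", "xlsx", "jpg")
LURE_KEYWORDS = ("corona", "virus", "covid")

def triage_attachment(filename):
    """Return a sorted list of reasons an attachment name deserves review."""
    name = filename.strip().lower()
    stem, ext = os.path.splitext(name)
    reasons = set()
    if ext in EXECUTABLE:
        reasons.add("executable")
        # 'notice_pdf.exe' and 'notice.pdf.exe' both name a document type
        # immediately before the real, executable extension.
        tail = stem.replace(".", "_").rsplit("_", 1)[-1]
        if tail in DOC_HINTS:
            reasons.add("disguised-as-document")
    if ext in MACRO_OFFICE:
        reasons.add("macro-enabled-office")
    if ext in UNUSUAL_CONTAINER:
        reasons.add("unusual-container")
    if any(k in name for k in LURE_KEYWORDS):
        reasons.add("pandemic-lure")
    return sorted(reasons)
```

Name-based triage only prioritises; a plain `.xlsx` with a lure name, like the second entry in the list, still needs content scanning.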

 

  5. Mobile and app threats:

Such applications include a malware variant that steals your data and collects your contact list.

Measures to be taken:

Technical Hygiene:

Some simple steps that go a long way are having strong passwords in place, multi-factor authentication, using the latest software and taking regular backups. Use a reliable VPN for internet access, wherever you can.

Remain cautious:

Before acting, it is necessary to ensure that the information has a reliable source. Stay vigilant about any suspicious activity, emails, and scams. Avoid clicking on links that are new or unfamiliar. Look for common signs. If an unfamiliar source asks you to click a link or provide them with personal information, it is a major red flag.

Identify key personnel:

Preparing and educating people about potential harm and attacks is critical in sustaining your business. Ensure your employees are aware and educated.

Follow official updates:

Verify the legitimacy of any information that comes your way. Do not spread it without being sure of the source.

Prepare to recover:

It is important that companies formulate a recovery plan in case of an attack. The operations should continue in such cases with minimum impact.

Respond with vigilance:

Along with digital citizens, hospitals are also susceptible to such threats and attacks. Exercise appropriate caution against these schemes and help prevent cybercrimes.

Unfortunately, new variants of such attacks are more likely to emerge in the next few months as hackers will continue to take advantage and play on the world’s fears. Attacks can also use other themes such as tax filing, pending shipping orders and invoices.

The only way to avoid being a victim is to be cautious. The way you behave and react online and offline can help curb the spread of the virus. Rely only on legitimate government and health websites. Ensure that the organizations collecting donations are bona fide. Do not open any suspicious links. Do not spread misinformation.

Don’t panic, be aware and keep your family and networks safe during this pandemic.

Let’s all get through this together.

(The author is Founder, DNIF-Next Gen SIEM and the views expressed in this article are his own)
