The current health crisis of coronavirus pandemic is no exception for cybercrooks. Cyberthreats are constantly evolving taking advantage of online behaviour and trends. Cybercriminals are attacking the computer networks and systems of individuals, businesses and even global organisations at a time when cyber defences are reduced due to the shift of focus to the current health crisis.
There is an increase in cyber-attacks on computers, routers and unprotected home networks used by employees who have switched to remote working due to spread of Covid-19.
Cyber Criminals are exploiting the outbreak as an opportunity to send phishing emails claiming to have important updates or encouraging donations impersonating trustworthy organisations.
With most of the employees working from home, VPN servers have become paramount, their security and availability became the focus of IT teams. Cybercriminals are using common phishing tactics to compromise these servers. Since they are amid a health crisis and cannot afford to log out of their systems, the criminals believe that can be exploited easily
Advertisements
Few types of attacks are
- Malicious website: Many listed domains on the internet that contain the terms: “coronavirus”, “corona-virus”, “covid19” and “Covid-19”.
- Malware: Malware, spyware and trojans have been found implanted in interactive coronavirus maps and websites. Spam emails are also deceiving users into clicking on links which download malware to their computers or mobile devices.
- Ransomware: The ransomware can enter their systems through emails comprising infected links or attachments, compromised employee credentials, or by manipulating a vulnerability in the system.
Some of the subjects cybercriminals using are
- The mask that can prevent coronavirus now
- How to protect your body from Covid-19
- Covid-19 Solidarity Response Fund for WHO – donate now
- Coronavirus is spreading, this specialised mask can control it
- PMCARE@SBI / PMCAR@SBI, while the correct one is PMCARES@SBI
- Coronavirus alert: Free breathing masks for the USA
- Prevention and treatment of coronavirus
- Fight Covid-19 together! Don’t give up!
- HDFC EMI update – Chose the option
- Covid-19 vaccine update
- This can protect you from the coronavirus
- Feeling helpless against corona?
- Covid-19 response fund
Advisory from CERT (Computer Emergency Response Team)
- Many organisations have allowed their employees to work from home to stop the spread of coronavirus and they are using various video conferencing tools for their webinars and office meetings, CERT identified few vulnerabilities in few of the tools and they are as list below, For more information please log on to www.cert-in.org.in
- Zoom Video Conferencing System – CIAD-2020-0010
- Zoho Video Conferencing System – CIAD-2020-0054
Covid-19 related cybercrimes reported in India
- PMCARES@SBI is the right UPI handle, fraudsters created similar impersonating handles like PMCARE@SBI, PMCAR@SBI to steal money
- Phishing Emails – Spoofed email for EMI moratoriums from banks
- Phishing Emails – Impersonated charity organisations seeking donations
Tips to avoid such cybercrimes
- Do not click on any unknown emails/attachments/links/maps, mentioning Covid-19 – Scammers are using phishing tactics in the name of charity, help desks, maps & selling masks, just to steal your identity or money
- Back up all your important files, and store them independently from your system (e.g. in the cloud, on an external drive)
- Always verify when you are on a company’s legitimate website before entering login details or sensitive information
- Allow remote access to the organisation’s network strictly with multi-factor authentication
- Office administrators must be advised to apply strict application whitelisting, blocking unused ports, turning off unused services, and monitoring outgoing traffic to prevent infections from occurring
- Ensure you have the latest anti-virus and malware software installed on your computer and mobile devices
- Office administrators must consider Mobile Device Management (MDM) and Mobile Application Management (MAM). These tools can allow organisations to remotely implement number of security measures, including data encryption, malware scans and wiping data on stolen devices
- Check the availability and duration of the remote login user actions. Ensure that remote sessions automatically time out for a particular time period of inactivity and that they require re-authentication to gain access.
- Download mobile applications or any other software from trusted platforms only
- Perform regular scans on your computers or mobile devices
- Regularly check and update the privacy settings on your social media accounts
- Update your passwords and ensure they are strong (a mix of uppercase, lowercase, numbers and special characters)
- Change the default passwords of routers and internet service providers
Stay Tuned to Cyber Talk Column April 14 about “Why Consent is different on Offline & Online”, brought to you by Anil Rachamalla, End Now Foundation, www.endnowfoundation.org