Covid-19 ignites a firestorm of cyber attacks
Anushruti Singh May 14, 2020
MORE IN Technology
The ongoing global crisis of Covid-19 has caused catastrophic impact on the businesses worldwide. It has metamorphosed entirely the mode and manner in which businesses are operated. Most of the organisations are now compelled to improve their IT infrastructure due to increased social distancing and remote working. The industries which were earlier reluctant to go online are now adopting digital solutions in order to keep their business operations intact. Nevertheless, enterprises and government agencies across various sectors face an evolving cyber security threat caused by the rapid transition of work cultures of organisations.
Numerous cyber security firms are monitoring this growing trend and have recorded a significant surge in COVID-19 related threats. Cybercriminals have unleashed a surprisingly high volume of new threats during this short span of time to take advantage of inadvertent security gaps. “It is undeniable that our presence online has increased tremendously because of this pandemic. Now, it has become a necessity to secure our digital lives and assets more than ever knowing that cybercriminals are lurking and waiting for their prey,” says Stephan Neumeier, Managing Director for Asia Pacific, Kaspersky, a global cybersecurity firm.
Recent Trends of Cyberspace
Talking about APAC region, Kaspersky detected 93 coronavirus related malware in Bangladesh, 53 in the Philippines, 40 in China, 23 in Vietnam, 22 in India, and 20 in Malaysia.
Similarly, a research conducted by Fortinet, an American Cybersecurity Enterprise shows that everyday an average of about 600 new phishing campaigns are run. While they have identified 119 major coronavirus campaigns run globally, the most recent campaign according to them was detected on 24th March. The phishing email was sent to Canadian government health department and contained RTF phishing lure which came from a spoofed address noreply@whoint.
The common phishing attacks range from scams related to helping individuals in making their contribution for COVID-19 tests to providing access to Chloroquine or other medicines. In addition to scams targeting adults, some phishing attacks target children with offers of online games and free movies, or even access to credit cards for buying online games or shopping.
Recently, government agencies had to provide clarification over malicious emails and messages disseminated on WhatsApp claiming that government is providing Rs 1,000 under fake Corona Sahayata Yojana Scheme. Press Information Bureau (PIB) clarified that both the claim and link were fraudulent and warned people against clicking on it. Also, fake accounts are being circulated on the pretext of the Prime Minister’s Citizen Assistance and Relief in Emergency Situations Fund’ (PM-CARES Fund). In other development, fake ransom seeking email scams are growing increasingly. Computer Emergency Response Team of India (CERT-In), the country’s federal cybersecurity agency has alerted users about such emails. This scam is an ongoing ‘fake’ email campaign that claims to have recorded personal video of a user that could be published if a ransom amount in crypto-currency is not paid.
However, a latest advisory agency has said while there is ‘nothing to worry’ about such emails and users should just update or change their passwords while they login to any of their social media accounts or online platforms and if they suspect that their accounts are being compromised. This should be frequently done now since there was a sudden spike in virus attacks. According to Fortinet, the first quarter of 2020 registered a 17 per cent increase in virus attacks for January. February then saw a 52 per cent increase which further increased to an alarming figure of 131 per cent in March as compared to the corresponding period in 2019.
The significant rise in virus attacks is mainly attributed to malicious phishing attachments. Multiple sites that illegally stream movies while these are running in theatres secretly infect malware to anyone who logs in. As free game, free movie, and the attacker becomes a part of your network, the risk for IoT devices also magnify. Since all users are connected to the home network, multiple avenues are open for attackers that can be exploited targeting devices such as computers, tablets, gaming, and entertainment systems. It also includes online IoT devices such as digital cameras, and smart appliances with the ultimate goal of getting an access to a corporate network and its valuable digital resources.
Disruption of Businesses Due to Cyberattacks
If the device of a remote worker can be compromised, it can act as a conduit back into the organisation’s core network. This further enables the spread of malware to other remote workers. The resulting business disruption can be impactful as ransomware targeting internal network systems for taking a business offline. The devices infected with ransomware or a virus can incapacitate workers for days while devices are mailed in for re-imaging since helpdesks are mostly remote now. With these increasing threats, a notable surge in the number of domains using words such as Corona or COVID-19 has also been observed.
According to a recent threat landscape analysis by PwC India, the number of cyber attacks on Indian organisations doubled in March 2020 from January 2020 as the COVID-19 outbreak began in India. The study tells that as India started witnessing a significant rise in the number of COVID-19 cases after 15 March 2020, there was a massive wave of attacks targeting many Indian organisations. However, this subsided till the next wave of attacks returned. Typically, rises and falls of attacks spike within every 24 hours on an average. On the other hand, a sustained campaign is known to occur usually at a periodic interval of a week or some days.
Many Indian organisations saw a 100 per cent increase in attacks between 17 to 20 February 2020. The study further states, “The remote work infrastructure is being heavily targeted, along with attempts of identity theft and malicious payload delivery. As organisations work in an expedited manner to set up virtual private network (VPN) infrastructure in order to make their employees work remotely, threat actors are banking on weak authentication mechanisms and identity thefts through widespread phishing campaigns.”
Another small scale survey by a cybersecurity firm Check Point endorses the fact that organisations are seeing a rise in security threats and attacks. According to the survey, 71 per cent of the IT and security professionals who were surveyed reported an increase in security threats or attacks. In addition to this, 61 per cent of respondents said that they were apprehensive of the security risks emerged from changes made to enable remote work. Phishing attempts (55 per cent) and websites claiming helpful information on coronavirus (32 per cent) have emerged as dominant threats to the organisations, the respondents said.
In phishing attacks, a bad actor steals sensitive information by luring people to open an email, instant message, or text message containing malicious links or attachments. Talking about the rising numbers of cyber threats Rafi Kretchmer, Head of Product Marketing, Check Point resolves, “Cybercriminals will always seek to capitalise on the latest trends to boost the success rates of attacks, and the coronavirus pandemic has created a perfect ecosystem for this with dramatic changes in working practices and the technologies used by organisations.”
Check Point firm also saw a spike in the number of Zoom domains and spotted malicious files targeting people working from home. The Check Point also documented 1,700 new Zoom domain registrations since advent of the pandemic. 25 per cent of these registrations were registered in the past weekdays and 70 domains were deemed as suspicious. “This means a significant increase in the attack for many organisations which is undoubtedly compromising their security networks. To ensure security and business continuity in this rapidly evolving situation, organisations need to protect themselves with a holistic, end-to-end security architecture,” Kretchmer added.
Strong Infrastructure As a Prerequisite for Protection
MSMEs and Startups have become the most vulnerable targets for hackers. Even a smallest of mistakes can lead to serious repercussions in the future. Hence, there is an urgent need for industries to collaborate for bringing out a secure and sustained platform to counter data breaches effectively. Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet asserts, “One thing that analysts and pundits can predict to a great degree of certainty is that cyber attacks will continue to rise and will become a major global threat to businesses.” Other cybersecurity experts also expressed similar opinion about this growing threat.
Discussing the fundamental issues in cybersecurity and how employees are increasingly becoming victims of rampant cyber-attacks while working from home Dr. Pavan Duggal, Cyber Expert and Senior Lawyer, Supreme Court of India opines, “These are unprecedented times where a new world order is replacing the existing systems. After the pandemic, we enter a new age where the ground reality is different with different rules of engagement. Cybersecurity will hence become a way of life for all stakeholders.”
Harsh Marwah, Chief Growth Officer at iValue InfoSolutions in a webinar said that the threat landscape is evolving for infrastructure and applications as more users feel liberated working from home now. “Adversaries are agile, well-coordinated, competent, and with an inherent asymmetric advantage over us. Our first line of defense, people are more vulnerable as they fall prey to phishing campaigns in less than the average time of 82 seconds. Conventional perimeter based on castle-and-moat model has become obsolete and data has become the new perimeter. Work from home enterprises need renewed architecture based on ‘Cloud Security Platform’, adhering to zero trust model. Capability of minimising the threat arise with a strong threat mitigation stack, support for effective authentication, scale, performance, and ease of deployment,” proclaims Marwah.
“This also means that litigations are going to surge in future. We are expecting numerous litigations after the COVID pandemic and there will be serious cyber legal implications for organisations to handle. Network service providers will become the intermediaries, and will be mandated to exercise diligence in daily proceedings. Employees and corporates will be required to consider the aspects such as corporate risk, legal and policy transformations, civil-criminal-legal liabilities before restructuring cyber-security norms,” adds cyber expert Duggal.
According to the EY Global InfoSec Survey 2020, only 20 per cent of board members are extremely confident about their cybersecurity risks and mitigation measures that can protect an organisation from major cyber attacks. Thus, cyber experts are now emphasising on IT and security teams more than ever across organisations including MSMEs and startups. They need to synchronise their actions effectively in order to enable the safe continuity of business operations during the current crisis.
On this Maurya of Fortinet comments, “Provided that what is at stake is not the just critical customer data, but also the revenue of businesses and their brand reputation and not to mention hefty penalties stemming from regulators should their networks be compromised. Therefore, it is imperative that organisations use every bit of the security technology available to prevent the possibility of a network breach. During this period of work from home, we took a proactive approach to install a backup solution that allowed our operations to fall upon a backup device and continue operating as if nothing had happened.”
On the other hand, Husain Habib, Co-founder of Hats-Off Digital Private Limited suggests that regular data files backup can be a solution to curb such threats. He further tells that they recommend similar steps to their clients such as using proper filtering and protection suite. “In what could have been a cataclysmic shut down, they lost no time and have had no problems since our suite of tools were installed. Another threat is the use of weak passwords getting hacked. Such threats can be posed from an insider who can access your important business data which can further prove to be detrimental for your business. Hence, we always make sure to have a strong password,” Habib claims.
Loss Incurred by Fintech Companies
It is indeed a best time for various Fintech companies to proliferate. However, as more and more services go online, data ubiquity and security is increasingly becoming a challenge. Owing to sensitive information about individuals and enterprises handled by financial services sector, fintech companies will now be on the hit list of cybercriminals more than ever. A survey of IT security leaders by Kaspersky states that the majority of CISOs (i.e 64 per cent) agreed that speed and quality of incident response handling are primary metrics to measure performance in the role. However, it becomes harder for security analysts to keep everything in sight and react to the most significant threats in time when a company has numerous assets that are exposed online.
In view of this, small financial institutions can be more vulnerable to opportunistic cybercriminals. In such a setup, hacking of various biometric databases and digital fingerprint thefts can also happen. Further, they are more at the risk of cyber frauds as most of the claims made online can be fake. “Fintech companies especially those in payments and lending large amounts of sensitive user data are more on verge of attacks. The data held ranges from ID documents, demographic data, banking or payments transaction data, credit history and card or wallet data,” reaffirms Sameer Aggarwal, Founder and CEO, RevFin, a consumer loan lending startup.
“This makes it imperative for fintech companies to employ the highest standards of security to protect them against hacking and data theft. In fact, cyber security should be a part of technology strategy or roadmap for fintech firms. They must also conduct regular vulnerability and penetration testing to ensure fortification of systems. All third party connections like cloud services, database management, website hosting etc should be done only with reputed organisations with known security standards,” he ascertains further.
Increase in Demand of Cybersecurity
The increasing cyber threat has in turn has led to an increase in demand for greater cybersecurity and privacy. As businesses are still coping up, cybersecurity is being seen as a core technology to keep companies secure as they go online and virtual. Also, as emerging technologies such as Artificial Intelligence, Machine Learning, Blockchain etc are evolving, investment in cybersecurity will be a seen unique segregator for companies providing such services. Rajan Anandan, MD, Sequoia Capital, in a virtual conference pointed out immense opportunities that COVID-19 has brought in this arena.
According to him post COVID-19, digitisation of companies is going to accelerate dramatically as industry is already witnessing innovative ways in which online education, telemedicine facilities are accelerating. “As the pandemic dust settles, COVID-19 will actually prove to be an accelerator for cyber security and its definition will expand. Cybersecurity have now being a key priority for investors, therefore start-ups need to focus on building scaling up and planning to get to $100 million Annual Recurring Revenue (ARR) to catch the attention of venture capital funds and investment firms,” Anandan said in the conference.
Ajay Sawhney, Secretary, Ministry of Electronics and Information Technology (MeitY) reinforced in the same webinar that all focus lies currently on COVID-19 management and innovation challenges are being conducted to tackle the after effects of pandemic. Recently, MeitY and DSCI (the Data Security Council of India) have joined hands to establish a National Centre of Excellence to accelerate innovation and make India an attractive cybersecurity market. In order to do this, experts of this arena have recommended several steps such as raising awareness among team members on COVID-19 themed phishing attacks, sharing measures on how to stay safe, and providing regular communications on cybersecurity approach.
Further, setting up strong passwords preferably with two-factor authentication, for all remote access accounts; providing guidance on how to use remote working solutions; ensuring that all provided laptops have updated anti-virus and firewalls; running a helpline or online chat which workers can easily access for cyber security concerns; encrypting data at rest on laptops used for remote working; and disabling USB drives to avoid the risk of malware are few more effective measures that organisations can consider to reduce the risk of cyberattacks. However, COVID-19 will completely transform the way we work, simply challenging organisations to modernise their IT infrastructure in order to deal with cybercriminals while their employees work remotely.