COVID-19 and CYBERSECURITY
The Coronavirus (COVID-19) outbreak has caused an increase in the odds and impact of cyber-attacks, as organizations take quick steps to adapt to potentially significant operational and financial challenges. The nature of the threat is also evolving, with attackers exploiting the panic-like atmosphere. Scammers have successfully used the fear of the virus on every virtual platform. Cyber criminals, along with common people are also attacking the organizations which are our first line of defense against the virus. It is expected that many initial organizational responses to COVID-19 will have a net-negative impact on the cyber security algorithms of the business. This will be a combined result of existing risks being that are left unaddressed due to security expenditure cuts and frozen IT changes as we see new risks emerging. The biggest opportunity for cyber attackers in this global pandemic is not technological innovation but people’s changed behavior and patterns in their response to the crisis.
Here, we give a detailed assessment of how COVID-19 has created new opportunities for cyber threat actors and the steps that organizations can take to mitigate these risks.
COVID-19 and CYBERSECURITY
PHISHING/MALWARE DISTRIBUTION USING COVID-19 THEMES:
In cyberspace, dependence creates vulnerability, and malicious attempts to exploit this sudden, unplanned societal shift online have proliferated. Law enforcement officials report that criminals are, among other things, selling fake COVID-19 cures online, posing as intergovernmental or governmental health organizations in phishing emails, and inserting malware into online resources tracking the pandemic. Not only are organizations being targeted, end-users who download COVID-19 related applications are also being tricked into downloading ransomware disguised as legitimate applications. Some of them can be seen as:
- Latest corona-virus updates
- UNICEF COVID-19 TIPS APP
- POEA HEALTH ADVISORY re-2020 Novel Corona Virus.
- WARNING! CORONA VIRUS
Example file attachment names include:
- AWARENESS NOTICE ON CORONAVIRUS COVID-19 DOCUMENT_pdf.exe
- Coronavirus COVID-19 upadte.xlsx
- CORONA VIRUS1.uue
- CORONA VIRUS AFFECTED CREW AND VESSEL.xlsm
Many malicious applications/links are being distributed among users containing Remote Access Trojan(RAT) like Netwire, Nanocore, LokiBot to get access of the device. Ransomware attacks are also being performed in this pandemic. According to the source, more than 100,000 new web domains are being registered with “corona”, “COVID” keywords.
Expect these to proceed in the coming weeks and months. As the news develops, the attackers will adapt. We at the same time observe similar attacks utilizing regular topics identified with charge documenting, invoices, and delivery orders. For the sake of security, Android users should not install applications from untrusted sources (stick to the Google Play store) and iPhone users should not jailbreak their phones and install apps from third-party sources (stick to the AppStore).
Cyber attackers take advantage of the employees who are working from home but have not put up the necessary security on their networks that would be in place in a corporate environment, or that enterprises haven’t deployed the right technologies or corporate security policies to ensure that all corporate-owned or corporate-managed devices have the exact same security protections, regardless of whether they’re connected to an enterprise network or an open home WiFi network.
Although “Work from home” has become a boon for organizations during this pandemic, they are tackling various security risks in the new work environment, leveraging new policies and technologies and empowering their employees.
Some of the critical aspects are:
- Endpoint protection on all laptops and mobile devices, including VPN tools with encryption
- An ability to enforce multi-factor authentication (MFA)
- An ability to block exploits, malware and command-and-control (C2) traffic using real-time, automated threat intelligence
- An ability to filter malicious domain URLs and perform DNS sinkholing to thwart common phishing attacks
Because an organization’s unpreparedness will lead to security misconfiguration in VPNs thereby exposing sensitive information on the internet and also exposing the devices to Denial of Service (DoS) attacks or any delays in cyber-attack detection and response.
During this pandemic, Zoom App has become one of the most used applications worldwide. Attackers have also targeted this video conferencing platform in some way. Online trolls have been sneaking into web meetings and disrupting them with profanities and pornography for the better part of the last month. Cybersecurity researchers fear these disruptions could be a precursor to more harmful attacks allowing hackers to commandeer connected machines to access secured files or other corporate software.
COVID-19 and CYBERSECURITY
In a Wednesday blog post, Zoom said that it takes security concerns “extremely seriously” and is working to address them. In addition, a Zoom representative has stated in an email that the company is upset about reports of harassment on Zoom and has sought to educate users about protecting their meetings.
Zoom also apologized, in another blog, for
“the confusion we have caused by incorrectly suggesting that Zoom meetings were capable of using end-to-end encryption.” While the company strives to use encryption in as many scenarios as possible, “we recognize that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it.”
GOVERNMENT CARE FUNDS:
As India grapples with COVID-19, our prime minister Narendra Modi has announced the creation of the PM Care Fund spreading the message – “With any big crisis, comes great responsibility”. The creation of this Relief Fund following the COVID-19 pandemic in India will convince more people to give to the cause. It enables micro donations, all dedicated for combating, containment, relief efforts against the corona decreasing the pressure on the already fragile economy of India.
Having caught between saving lives and ensuring livelihoods, there still exists the evil minds of the society preying on the fears of corona. The great initiative by the government of Relief Fund has also been targeted at the same time. Some scammers are misleading the donations to the fund for their own profit and turning the users into the victims of their skills. For example: “pmcare@sbi”, which is the original, is misleading the people in other forms such as “pmcare@upi”, “carepm@sbi” pmcares@upi” etc.
COVID-19 and CYBERSECURITY:
It is not too late. India has the expertise and the talent to take on and emerge stronger from this challenge. The government needs to build an atmosphere of trust, social cohesion and purpose where such funds are no more vulnerable.