The recent cyberattacks on big firms like Domino’s India, Air India, and others show a clear example that we are heading towards a big crisis. Domino’s India became a victim of a major data leak as more than 18 crore orders’ data has been put up on the dark web for sale as a searchable database.
The COVID-19 pandemic was a remarkable, unprecedented event which altered the lives of billions of citizens globally resulting in what became commonly referred to as the new-normal in terms of societal norms and the way we live and work. Aside from the extraordinary impact on society and business as a whole, the pandemic generated a set of unique cyber-crime related circumstances which also affected society and business. The increased anxiety caused by the pandemic heightened the likelihood of cyber-attacks succeeding corresponding with an increase in the number and range of cyber-attacks.
This paper analyses the COVID-19 pandemic from a cyber-crime perspective and highlights the range of cyber-attacks experienced globally during the pandemic. Cyber-attacks are analysed and considered within the context of key global events to reveal the modus-operandi of cyber-attack campaigns. The analysis shows how following what appeared to be large gaps between the initial outbreak of the pandemic in China and the first COVID-19 related cyber-attack, attacks steadily became much more prevalent to the point that on some days, three or four unique cyber-attacks were being reported.
Cyber attacks in India are getting deadlier year after year. Each strike has taken proportions to drive home the fact that no one is safe. The COVID-19 pandemic has forced companies to come up with work from home which has made things more vulnerable and lack of good infrastructure adds more woes to make it worse.
The new trend of cyber-attacks through malware and ransomware in the context of COVID-19 is ‘Fearware’. The cyber attackers are exploiting the fear of coronavirus to cause the victim to fall prey to cyber-attacks.
The hackers are releasing new computing viruses and mobile applications relating to COVID-19 updates and other information. They are also designing phishing websites, emails and phishing UPI accounts in name of COVID-19, which are leading to Cyber frauds.
Following are some of the incidents reported in India and other countries.Some examples/Case Studies refer about trends of Cyber Security Risks as part of COVID-19 disruption.
1. Malware Attacks:
The disastrous spread of COVID-19 is becoming an opportunity for the cybercriminals to spread malware or launch cyber attacks. One such kind of malware attack, is with usage ‘Corona virus Maps’ – It’s a malware infecting PCs to steal passwords.
Tips to Prevent Malware from Infecting Your Computer—and Your Livelihood:
- Avoid clicking on any UNKNOWN messages with links/ install application from unknown sources
- Think about who sent you the message. Is it a person that you know?
- Think Before You Click
- Keep Your Personal Information Safe.
- Don’t Use Open Wi-Fi
- Use Multiple Strong Passwords for multiple accounts
- Install Anti-Virus/Malware Software
- Keep Your Anti-Virus Software Up to Date
- Secure your network
2. Email based attacks:
Using World Health Organization mail in the name of COVID-19 as legit application by the fraudsters and spreading malwares to control your end devices.
The email looks like it’s from the WHO, sent by a Tim Hardley, principal healthcare officer from WHO’s regional office for the Americas. A Google search throws up no results for such a WHO official.
The attachment has malicious and delivered a sophisticated, multi-layer payload based on the Lokibottrojemailan (Trojan:Win32/Lokibot.GJ!MTB).
3. Message based attacks:
A form of phishing, smishing is when someone tries to trick you into giving them your private information via a text or SMS message. Smishing is becoming an emerging and growing threat in the world of online security.
4. Fake Mobile Applications:
Cybercriminals have started creating huge number of fake mobile application in the name of COVID -19 as legit applications from organization such as WHO for spreading phishing mails/sites and fake news and stealing valuable information.
Malware being delivered via Android apps that steals victims offering Coronavirus safety mask upon installation.
5. UPI Frauds:
UPI or Unified Payment Interface is a method to make payments digitally and has already gaining popularity. As the methods of making payments have become technologically advanced, fraudsters have also evolved different ways to scam you out of your hard earned money.
It is so sad to see that even in the midst of such a serious humanitarian crisis like COVID- 19, these cyber criminals can only think of opportunism and theft. Cyber criminals are also taking advantage of rising corona virus concern for collecting charity. The Prime Minister’s Citizen Assistance and Relief in Emergency Situations Fund’ (PM CARES Fund)’ set up was not spared and within a few hours of its announcement, “half a dozen” similar sounding websites were created such as “PM-care” etc.
How to avoid fraud
In order to prevent such frauds, this is what you should not do:
- Never share details such as debit card number, expiry date, registration OTPs on the call or other media. The bank never asks for such details.
- Avoid clicking on unknown links or forwarding any suspicious SMS
- Never share your UPI MPIN with anyone.
During this time of uncertainty and increased online activity, cyber criminals are actively working to exploit the current COVID-19 story with attacks aimed at taking advantage of the situation. It is important now more than ever to be aware of online scams and threats as they are increasing in volume and sophistication.
- Always check the link before clicking. Hover over it to preview the URL, and look carefully for misspelling or other irregularities.
- Enter your username and password only over a secure connection. Look for the “https” prefix before the site URL, indicating the connection to the site is secure.
- Be cautious about opening any attachments or downloading files you receives regardless of who sent them.
- Look for the sender email ID before you enter/give away any personal information.
- Use antivirus, antispyware and firewall software (update them regularly too).
- Always update your web browser and enable phishing filter.
- If you receive any suspicious e-mail do call a company to confirm if it is legitimate or not.
- Do use a separate email accounts for things like shopping online, personal etc.
Cybersecurity Safety During COVID-19
During events like the Coronavirus outbreak (COVID 19), cyber attackers often use these opportunities to, unfortunately, try to take advantage of the situation. We ask that you pay close attention to your emails & communications during this time. Cybercriminals may try to scam you, or launch phishing attacks that attempt to get you to click on malicious links or open infected email attachments. Here are some of the most common indicators that the phone call or email you may receive is probably a scam or attack:
- Emails that end up in your junk mail often do not need to be opened. Only open an email in your junk mail if you were expecting a message.
- Any messages that communicates a tremendous sense of urgency. The bad guys are trying to rush you into making a mistake.
- Any message that pressures you into bypassing or ignoring our security policies and procedures.
- Any message that promotes miracle cures, such as vaccines or medicine that will protect you. If it sounds too good to be true, it probably is.
- Be very suspicious of any phone call or message that pretends to be an official or government organization urging you to take immediate action.
Please keep in mind Coronavirus scams and attacks can happen at work or at home, via email, text messaging or even over the phone.