Covid19 Cyber Attacks
The new trend of cyber-attacks through malware and ransomware in the context of COVID-19 is ‘Fearware’. The cyber attackers are exploiting the fear of coronavirus to cause the victim to fall prey to cyber-attacks.
The hackers are releasing new computing viruses and mobile applications relating to COVID-19 updates and other information. They are also designing phishing websites, emails and phishing UPI accounts in name of COVID-19, which are leading to Cyber frauds.
Following are some of the incidents reported in India and other countries.Some examples/Case Studies refer about trends of Cyber Security Risks as part of COVID-19 disruption.
1. Malware Attacks:
The disastrous spread of COVID-19 is becoming an opportunity for the cybercriminals to spread malware or launch cyber attacks. One such kind of malware attack, is with usage 'Corona virus Maps' – It's a malware infecting PCs to steal passwords.
Tips to Prevent Malware from Infecting Your Computer—and Your Livelihood:
- Avoid clicking on any UNKNOWN messages with links/ install application from unknown sources
- Think about who sent you the message. Is it a person that you know?
- Think Before You Click
- Keep Your Personal Information Safe.
- Don’t Use Open Wi-Fi
- Use Multiple Strong Passwords for multiple accounts
- Install Anti-Virus/Malware Software
- Keep Your Anti-Virus Software Up to Date
- Secure your network
2. Email based attacks:
Using World Health Organization mail in the name of COVID-19 as legit application by the fraudsters and spreading malwares to control your end devices.
The email looks like it’s from the WHO, sent by a Tim Hardley, principal healthcare officer from WHO’s regional office for the Americas. A Google search throws up no results for such a WHO official.
The attachment has malicious and delivered a sophisticated, multi-layer payload based on the Lokibottrojemailan (Trojan:Win32/Lokibot.GJ!MTB).
3. Message based attacks:
A form of phishing, smishing is when someone tries to trick you into giving them your private information via a text or SMS message. Smishing is becoming an emerging and growing threat in the world of online security.
4. Fake Mobile Applications:
Cybercriminals have started creating huge number of fake mobile application in the name of COVID -19 as legit applications from organization such as WHO for spreading phishing mails/sites and fake news and stealing valuable information.
Malware being delivered via Android apps that steals victims offering Coronavirus safety mask upon installation.
5. UPI Frauds:
UPI or Unified Payment Interface is a method to make payments digitally and has already gaining popularity. As the methods of making payments have become technologically advanced, fraudsters have also evolved different ways to scam you out of your hard earned money.
It is so sad to see that even in the midst of such a serious humanitarian crisis like COVID- 19, these cyber criminals can only think of opportunism and theft. Cyber criminals are also taking advantage of rising corona virus concern for collecting charity. The Prime Minister's Citizen Assistance and Relief in Emergency Situations Fund’ (PM CARES Fund)’ set up was not spared and within a few hours of its announcement, “half a dozen” similar sounding websites were created such as “PM-care” etc.
How to avoid fraud
In order to prevent such frauds, this is what you should not do:
- Never share details such as debit card number, expiry date, registration OTPs on the call or other media. The bank never asks for such details.
- Avoid clicking on unknown links or forwarding any suspicious SMS
- Never share your UPI MPIN with anyone.
During this time of uncertainty and increased online activity, cyber criminals are actively working to exploit the current COVID-19 story with attacks aimed at taking advantage of the situation. It is important now more than ever to be aware of online scams and threats as they are increasing in volume and sophistication.
- Always check the link before clicking. Hover over it to preview the URL, and look carefully for misspelling or other irregularities.
- Enter your username and password only over a secure connection. Look for the “https” prefix before the site URL, indicating the connection to the site is secure.
- Be cautious about opening any attachments or downloading files you receives regardless of who sent them.
- Look for the sender email ID before you enter/give away any personal information.
- Use antivirus, antispyware and firewall software (update them regularly too).
- Always update your web browser and enable phishing filter.
- If you receive any suspicious e-mail do call a company to confirm if it is legitimate or not.
- Do use a separate email accounts for things like shopping online, personal etc.