While governments, businesses, intergovernmental agencies, and not-for-profit agencies are busy dealing with the fall-out of coronavirus (COVID-19), certain groups with malicious intent are using the outbreak as an opportunity to launch cyberattacks to infect devices and other connected assets through focused social engineering tactics. In the last 26 days, Subex’s global honeypot has registered a slight dip in direct attacks using bought malware while the volume of phishing emails and other targeted social engineering activity has grown significantly.
Our researchers are reporting a significant increase in social engineering attacks through a variety of channels across continents. These include emails, social media posts and instant messaging content designed to trick the recipient into clicking on a link or downloading an infected file. Some of these attacks could also be oriented towards obtaining ransom from victims by making them install common ransomware.
CORONA VIRUS IS THE LATEST THEME
These are what we call themed attacks: they ride on a global scare or anxiety created by an event that influences citizens at a personal level. Files with about 23 common extensions (including zip, mp3, mp4, xlsx, docx, EPS) have been released by hackers in the last 26 days. These files carry a malicious payload that could encrypt files, steal/exfiltrate data, drop backdoors and even corrupt data.
The impact of these infections could present itself long after we contain the outbreak of this virus. Possible motives for such large-scale attacks include creating an army of zombie devices (bots) to launch third-party attacks on specific targets, using these devices to infect other devices or mine cryptocurrency, selling the personal information of the victims whose devices are infected, or even deploying adware to show ads on these devices.
FILE TYPES OBSERVED INCLUDE:
>>Corona_health_update.pdf (attributed to the Centers for Disease Control)
>>Origin-of-corona_cnn.mp4
>>Covid19_Mandatory_work_from_measures.pdf (spread using instant messaging platforms)
>>Corona_safety_alert.docx
>>Secondary_corona_infections.pdf

Emails seeking donations in the name of WHO have also been found. The in-bound volumes of these infected files vary with healthcare announcements by governments or not-for-profit agencies and we have seen three clear windows for detection of such infected files - 7am to 9:30am GMT, 3pm to 3:30pm GMT and 8pm to 9pm GMT.
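The file names, extensions and GMT windows above can be turned into a simple triage pass over mail-gateway attachment records. The sketch below is an added example, not Subex's tooling; the record schema, the sample records and the hold rule are assumptions.

```python
import re
from datetime import datetime, time, timezone

# Keywords, extensions and GMT windows come from the article; everything else is assumed.
THEME = re.compile(r"corona|covid", re.IGNORECASE)
LURE_EXTENSIONS = {"zip", "mp3", "mp4", "xlsx", "docx", "eps", "pdf"}
PEAK_WINDOWS_GMT = [(time(7, 0), time(9, 30)), (time(15, 0), time(15, 30)),
                    (time(20, 0), time(21, 0))]

def in_peak_window(received_iso: str) -> bool:
    """Convert an ISO 8601 timestamp (with UTC offset) to GMT and test the three windows."""
    t = datetime.fromisoformat(received_iso).astimezone(timezone.utc).time()
    return any(start <= t <= end for start, end in PEAK_WINDOWS_GMT)

def triage(record: dict) -> dict:
    """Flag one inbound-attachment record (hypothetical gateway log schema)."""
    name = record["filename"].strip()
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    themed = bool(THEME.search(name))
    return {
        "filename": name,
        "themed": themed,
        "lure_extension": ext in LURE_EXTENSIONS,
        "peak_window": in_peak_window(record["received"]),
        # Theme alone triggers review: the article counts about 23 extensions,
        # so the extension set here is not exhaustive. The window is analyst context.
        "hold_for_review": themed,
    }

# Constructed sample records, not real telemetry.
SAMPLE_LOG = [
    {"filename": "Corona_health_update.pdf", "received": "2020-03-20T13:15:00+05:30"},
    {"filename": "Origin-of-corona_cnn.mp4", "received": "2020-03-20T11:00:00-04:00"},
    {"filename": "Q1_budget.xlsx", "received": "2020-03-20T08:00:00+00:00"},
    {"filename": "COVID19 notice.exe", "received": "2020-03-20T22:30:00+00:00"},
]

def run(log=SAMPLE_LOG):
    return [triage(r) for r in log]

if __name__ == "__main__":
    for row in run():
        print(row)
```

Local timestamps are converted to GMT before the window test, so a record received at 13:15 +05:30 correctly falls in the 7am to 9:30am GMT window.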
MAINTAIN CYBER-HYGIENE
Similar to the measures recommended by healthcare professionals to prevent the spread of infection, we need to take a few precautions in cyberspace as well to prevent disruptive groups from utilizing the situation to their advantage. Here are a few recommended steps:
>>Rely on known sources for healthcare updates (these include the World Health Organization, federal or regional governments, publications of repute and your local healthcare professionals).
>>Avoid the temptation to click on links shared via social media, instant messaging applications or any other source. News updates will reach you anyway; it is just a matter of a few minutes. But if you click on a suspicious link, you could end up doing far more damage in the short and long term to your business/personal interests.
>>Check the URL of websites carefully every time. If possible, use search engines to reach sites rather than entering the URL text directly.
>>Keep all your software, OS, firmware and mobile applications updated. Do not skip updates.
>>Report any suspicious emails or URLs to your cybersecurity teams.
We urge you to stay diligent and safe.

CORONAVIRUS CASTS A SHADOW IN CYBERSPACE
ENTREPRENEUR | MAY 2020