COVID-19 Themed Malicious Cyber Activities Threat Update v1.0
Overview
This threat update is intended to make netizens aware of ongoing malicious activities that use the term COVID-19. These specially crafted activities and attacks attempt to exploit the panic and discomfort caused by the COVID-19 pandemic for malicious ends. This document provides information on how to mitigate these attacks and reduce the risk of being impacted.
The spread of a dangerous novel coronavirus COVID-19 is on the rise. While the nation is fighting the disease in the real world, cybercriminals have caused havoc in the digital world by targeting the innocent victims in this difficult time.
The spread of the novel coronavirus gives cyber-criminals a perfect opportunity for scaring people or scamming them for money or resources. These practices include setting up legitimate-looking websites to impersonate official websites and spreading false information online. It is important to take precautions, both physically and digitally.
With very little effort, these attacks can be modified with a COVID-19 theme, which makes them much more dangerous. At a time when people are physically vulnerable, managing cyber security is difficult. It is also possible that these malicious actors are operating from outside the country, which makes it much more difficult to apprehend them in case of any loss.
Apart from applying technological tactics, attackers are also exploiting the emotional state of the people. Messages such as “Get 25 GB of data free by upgrading your application” and “Get extra money while working from home” exploit the needs of people during the lockdown period.
Netizens are strongly advised to stay vigilant while working online.
Current Cyber Attack Trends
Utilizing the panic created by the coronavirus outbreak across the globe, the attackers are targeting a wide range of establishments from individual users to corporate organizations and government assets. It is important for everyone to stay informed and careful against such attacks by these cyber adversaries.
Because almost everyone is working from home, the rapid development of cyber security solutions has been affected. Due to this slowdown, patching software vulnerabilities will take longer than usual. Internet users are advised to remain extra vigilant when dealing with outdated software.
During the lockdown, with work-from-home being implemented in many organizations, people’s interaction with digital devices and the Internet is greater than ever, and this gives attackers an excellent opportunity to find potential targets.
Malicious actors are launching various attack campaigns, scams and phishing campaigns against the general public, who are soft targets due to a lack of awareness of these kinds of attacks.
CASE #1: AZORULT TROJAN
This four-year-old malware strain has reappeared with a new design to fit the COVID-19 theme. It has been traced back to some malicious applications that are intended to steal data from target devices, including sensitive login credentials and banking details.
The malware reaches its targets through a malicious email that claims to be from the Government or the WHO (World Health Organization) and carries attached files titled “cures for coronavirus.” Once the file has been opened, the malware executes on the target system.
CASE #2: SPOOFING
Attackers are also targeting government schemes such as the PMCARES fund by using similar-looking UPI IDs, spoofing official websites, and spreading fake news. Moreover, they are also sending confirmation e-mails/SMS messages for the successful transfer of funds.
Many people are unable to identify the fraud, as the transfer is a normal bank transaction. The only difference is the destination of the funds.
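The similar-looking UPI ID check from Case #2, as an added example that is not part of the original advisory: it compares a payee ID against a list of known official IDs and flags near matches. The official ID, the sample payees and the function names are constructed placeholders, and case-insensitive comparison is an assumption.

```python
# Added example: flag payee IDs that imitate an official UPI ID.
# OFFICIAL_IDS holds a constructed placeholder, not a real handle.
OFFICIAL_IDS = {"relieffund@examplebank"}

# Digits commonly swapped in for letters so an ID looks right at a glance.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(upi_id):
    """Fold confusable digits and drop separators to expose the base form."""
    folded = upi_id.translate(CONFUSABLES)
    return "".join(ch for ch in folded if ch not in "._-")

def classify(upi_id, max_distance=2):
    """Return 'official', 'lookalike' or 'unrelated' for a payee ID."""
    candidate = upi_id.strip().lower()  # assumption: IDs compare case-insensitively
    if candidate in OFFICIAL_IDS:
        return "official"
    for official in OFFICIAL_IDS:
        # Same skeleton, different raw string: a digit or separator swap.
        if skeleton(candidate) == skeleton(official):
            return "lookalike"
        # A few edits away in the name or the bank handle.
        if edit_distance(candidate, official) <= max_distance:
            return "lookalike"
    return "unrelated"

def review(payees):
    """Return the payee IDs that should be blocked or escalated."""
    return [p for p in payees if classify(p) == "lookalike"]

# Constructed sample of payee IDs seen in transfer requests.
SAMPLE = ["relieffund@examplebank", "re1ieffund@examplebank",
          "relief.fund@examplebank", "relieffunds@examplebank",
          "relieffund@examp1ebank", "grocerystore@otherbank"]
FLAGGED = review(SAMPLE)
```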
CASE #3:
Messages such as “Get 2000 in your PAYTM wallet” or “Free GPAY money” are in circulation. Cyber-criminals are using these messages to extract bank account details from the target user. The criminals are after debit/credit card details used to access UPI accounts.
You are requested not to respond to these messages at all and to report them to the police at cybercrime.gov.in.
Quick advice to avoid this:
- Read the message very carefully.
- Never act immediately on the advice given in the message.
- Never open any link (URL) if the message seems suspicious.
- Mark the message as spam once it is identified as such.
- Don’t share any banking details with anyone, no matter how important they make it seem.
CASE #4: JIO MEMBERSHIP WORM
This Trojan was distributed to citizens of India as an SMS with a link to a safe-looking web page that asks the target user to download an application and install it on their mobile phone. After installation, the application creates a backdoor and sends a spam SMS to all the contacts, impersonating the user. The target user becomes the culprit.
CASE #5: ATTACKS ON OUTDATED SOFTWARE AND INFRASTRUCTURE
With the rise of pandemic stress and surrounding tension, attackers are targeting outdated software and infrastructure with known/unknown vulnerabilities, as they are not being maintained or patched regularly. Work-from-home platforms are also under attack, as corporations and businesses depend on them. Attackers do this by sending malicious links to employees or by exploiting vulnerabilities in these platforms.
Popular meeting platforms are the major targets. Hackers are replacing the original installer program with malware-embedded software for Windows.
CASE #6: SPEAR PHISHING
Malicious actors are performing targeted attacks on the client base, spoofing and phishing company assets and clients.