Even as the Central Bureau of Investigation (CBI) has called on all states to be vigilant about cyber attacks during the coronavirus pandemic, the latest cyber threat report records Kerala to have the highest number of cyberattacks in recent months.
In Kerala, the highest attempts were in Kottayam district with 462, followed by Kannur (374), Kollam (236) and Kochi (147). The state as a whole saw around 2,000 attacks between mid-February and mid-April–way higher than Punjab, which followed with just 207 attacks, and Tamil Nadu with 184. The increased cyber attacks could be attributed to high internet penetration and better e-literacy in Kerala compared to other states in India.
Earlier this week, the CBI had sent a warning to all states and Union Territories to be cautious about Cerberus, a trojan. SMSes were being sent to lure users to download the malicious malware which then stole credit card and other sensitive data.
Even before the pandemic hit, India was the third most cyber-attacked country in the world, and as the latest threat analysis shows, the numbers are only going up. Lockdown has seen a spurt as scamsters and dark web criminals try to prey on the post-pandemic realities like people accessing company networks from home and usage of the internet skyrockets everywhere, both for work and pleasure.
Key threats seen during this period ranged from phishing attacks to rogue apps disguised as Covid information providers targeting users’ data. Ironically, phishing attacks were noticed more in smaller cities, while the metros fared better. For example, users in UP's Ghaziabad and Lucknow seem to have faced much more attacks than those in Bengaluru.
“Panic caused by the stringent lockdown measures and rapid spread of this virus has left many people looking for more information on the situation. Threat actors exploit this fear to their advantage and scam users into downloading malicious software and divulging sensitive information like banking codes,” points out J. Kesavardhanan, founder and CEO of K7, the cyber security agency that analysed the cyber threats.
Most of the attacks were phishing emails, where either users are duped into clicking on a link or attachment offering information on coronavirus or mails offering them 'their share of the stimulus package', et al. K7 Labs says they noticed a particular trend of emails claiming to be from the US Treasury or the WHO. Users were encouraged to visit links that would automatically download malware on the host computer, such as the Agent Tesla keylogger or the Loki Bot information-stealing malware, infamous banking Trojans such as Trickbot or Zeus Sphinx, and even disastrous ransomware. There were also apps like the CoronaSafetyMask, which scammed users to pay up for masks, or asked for too many access to one's phone.
Compounding matters has also been the fact that many professionals are logging into their office network from homes, leaving network security compromised. “The need to be cyber cautious has never been greater, more so in the case of corporates who have adopted a work from home policy hurriedly without adequate cyber hygiene,” said Kesavardhanan, pointing out how attacks on companies and SME employees have also seen a spike.
Experts at K7 forecast that coronavirus-themed attacks will continue to increase till normalcy returns. 'Healthcare institutions, well-known government offices, and international organisations will continue to be a prime target throughout the pandemic,' says the threat perception report.
