The hacker, the faker and the virus

Cyber-attacks have been as viral as the pandemic itself

The attack was stealthy, and quick off the blocks. As soon as Prime Minister Narendra Modi announced the launch of his PM CARES Fund to fight the pandemic, online fakers hit the ground running. “Within a couple of hours, over a dozen fake UPI sites came up with similar sounding names,” says Lieutenant General (retired) Rajesh Pant, India’s national cybersecurity coordinator.

The fake IDs, with names such as ‘pmcaress’ or ‘pmcare’, were created on UPI handles of Punjab National Bank, HDFC Bank and others to mislead citizens into parting with their money. The Computer Emergency Response Team (CERT-In), India’s nodal cyber security agency, quickly swung into action and shut down the fake handles, with help from the home ministry, the State Bank of India and the National Payments Corporation of India. But not before, as reports from the home ministry indicate, over 8,000 Indians and NRIs had donated thousands of dollars to fake accounts. In fact, according to home ministry figures from April, cyber attacks on Indians had gone up by 86 per cent since the lockdown began.

Cyber-attacks have been as viral as the pandemic, spreading across a world where people are turning to the internet more and more. And aiming at them from the dark recesses of the web are an increasingly cocky yet invisible bunch of criminals who have been coming up with newer methods of entrapment.

On May 18, Seqrite, a cyber security specialist, reported that it had found a new wave of Adwind Java Remote Access Trojans (RAT) hidden in coronavirus-themed emails that claimed to be from the Reserve Bank of India and targeted certain co-operative banks in India. The names of the banks were not revealed.

“We have noticed an increase in attacks—it will only go up more,” said Trishneet Arora, who runs TAC Security, a cyber security firm that handles network security for some of India’s biggest financial institutions.

This is particularly frightening as, according to Pant, India is already the third most cyber-attacked country in the world. “People are understandably anxious about the pandemic and are more likely to access malicious links and attachments that are disguised as essential information,” said J. Kesavardhanan, founder and CEO of K7 Computing, a leading Indian cyber security firm, adding, “Working from home also creates more opportunities for cybercriminals who wish to harvest business data and banking credentials. Covid-19 has brought out the worst in cybercriminals who are attacking when we are at our most vulnerable.”

Check Point Research, one of the world leaders in cyber security, said that, in the first two weeks of May, Covid-19-related attacks went up by 30 per cent. Also, there was a 37 per cent increase in the registration of domain names that sounded like Zoom, the popular video conferencing app.

Corona caution

Be it a website offering information on the disease, a mail offering you ‘your share’ from the stimulus package announced by the government or a Telegram channel selling masks or sanitisers to get its hands on your financial details, most of these attacks have a connection to the outbreak. K7 found that, between March 24 (eve of the lockdown) and April 9, the average daily number of cyber-attacks that were stopped, and that had a Covid-19 connection, had increased by about 260 per cent.

From just one website on January 1, today there are more than 90,000 websites related to the virus, many of them fake. Check Point said the pandemic-related attacks had increased to more than 27,000 a day in May. More than 70 per cent of IT professionals it surveyed reported an increase in attacks since the outbreak hit top gear. Barracuda Networks, a multinational network security firm, said it detected just 137 Covid-related phishing attacks in January, which went up to 1,188 the next month, before burgeoning to 9,116 in March. “A growing number of (cyber thieves) are capitalising on the fear in the minds of their intended victims,” said Murali Urs, country manager, India, Barracuda Networks.

The most popular method used is phishing. McAfee, a leading anti-virus provider, estimates a 500 per cent increase in Covid-related spam mails in the near future. The danger? “These spam mails go to millions of people, weaponised with trojans,” said Venkat Krishnapur, vice president and managing director of McAfee India.

Some of the malware the Indian government has identified includes Emotet, Lokibot, Trickbot, Agent Tesla and CovidLock.

These phishing emails attempt brand impersonation and try to compromise a user’s email by offering fake solutions to Covid-19. Said Himanshu Dubey, director of Quick Heal, an IT security services provider, “The emails lure the user into opening the attachment that either claims it has some report, health advice or possible cure. The vast majority of such attachments are document files, which, when opened, drop a malicious payload on the user’s system that steals sensitive information by tapping the browser, email and FTP clients. In some cases, we also noticed remote access trojans and ransomware being dropped as the payload. Such phishing tactics intend to spread malware, extort money from unsuspecting users who fall for it and, even worse, peddle fake news and cause mass panic.”

Reports of data breaches have also risen. A May 22 report by cybersecurity firm Cyble said that the data of 2.9 crore Indian jobseekers was released on the dark web. Later in the month, Google announced in a blog post that up to 100 Indian users were targets of what it described as ‘state-sponsored’ attacks.

Worry from home

When people log into their company system from either personal devices or through home internet connections that lack protections, it is, as Arora put it, “an inherent vulnerability at the end point”.

“The hackers’ targets right now are large enterprises and financial institutions, where they know the whole focus is on seamless WFH (rather than security),” he said.

According to Shodan, a search engine that scans and indexes devices instead of websites, half a lakh computers in India have their default remote access port open for connections. “Many IT admins would have had to loosen their firewall settings to allow employees to connect to their remote computers in the office,” said Kesavardhanan.

A recent PricewaterhouseCoopers study showed that cybercriminals have used the panic to infiltrate corporate networks and steal data.

Health is ‘Wealth’

A new target of web scammers is the health care industry. Multiple agencies have noticed a global trend in cyber-attacks on hospitals, health care professionals and the pharmaceutical industry. In early April, Interpol issued a ‘purple notice’ to all its 194 member countries, warning in its advisory: “Hospitals and other institutions on the front lines have also become targets of ransomware attacks designed to lock them out of their critical systems in an attempt to extort payments.”

Said Shree Parthasarathy, leader, cyber risk services, Deloitte (South Asia), “The most targeted categories were life sciences and health care companies, the manufacturing sector, and services. These are being hunted to steal patents, processes, passwords and other information.”

McAfee also warned about the attacks, and even red-flagged an app, ‘Corona Safety Mask’, which asked for so many permissions on download that, if granted, they gave it full internet access to a user’s device, allowing it to create network sockets, read contact data and even send messages!

Worries abound as India’s health care industry does have a reputation for lax security. A few months ago, 68 lakh patient records stolen from an Indian health care website were put on sale on the dark web; in July 2018, hackers ‘locked’ the data of Mumbai’s Mahatma Gandhi Memorial Hospital, demanding ransom in bitcoins. Keeping such instances in mind, Bitdefender, a cybersecurity firm, made its security solutions for hospitals and other health care organisations free for the next year. As Zakir Hussain, Bitdefender’s director (India), said, “Hospitals are currently most vulnerable to cyber-attacks. During such critical times, we need to move swiftly.”

Warned Sujay Vasudevan, vice president (cyber and intelligence solutions), Mastercard South Asia: “Consumers need to be highly vigilant and guarded against scammers who are on the lookout to exploit the current situation.”

The only way out is heightened cyber hygiene and caution on the part of companies as well as individuals, especially those who work from home. “[From] the complaints and the crime reports we are getting,” said Pant, “every day it is getting more and more serious.”