It’s no news that cybercriminals leverage panic and doubt, and sometimes go a step further and do reconnaissance on a target before crafting that enticing email, all in the hope that a potential victim will open it and fall prey to their efforts. But how are the Covid-19 attacks being delivered? What types of malware are being deployed, and with what objective? Rajesh Maurya, regional vice president, India & SAARC, Fortinet, demystifies these attacks in an interview with Sudhir Chowdhary. Excerpts:
From the attacks that you have seen recently, which components are being leveraged and why?
From a social engineering point of view, we can say that the panic component is being maximised, especially now with all of these campaigns related to Covid-19 targeting hospitals, manufacturers of medical equipment and health insurance companies. They leverage the fact that there is a shortage of medical equipment and supplies and use this as an advantage.
More than ever, these are times when due diligence can’t be implemented, especially if an email seems to be something urgent or from untrusted sources. I know that we can argue that being extra cautious is counterproductive. Still, I think that nothing is more counterproductive or destructive than having your entire company brought down because someone didn’t double-check before clicking on a file.
How do these cyber attacks start, and what are they exploiting exactly?
Most of these attacks are being delivered via email, so typically they are mass spam campaigns. However, we are also seeing some very targeted attacks, along with some accidental and planned DDoS (distributed denial of service) attacks as well. Of course, DDoS can be directly caused by attackers, or simply by the sheer volume of use that this new scenario has generated. On top of that, now that everyone is connected most of the time with remote work and videoconferencing, along with video streaming, browsing and online shopping, or playing online games, many infrastructures were not prepared to receive this new wave of demand. On top of this, email-based threats are exploiting the sense of urgency and panic around the pandemic, often masquerading as government health organisations, NGOs, or suppliers of medical equipment.
What are the most common threats that are leveraging Covid-19 themes?
The goal these email threats carry is to deliver malware to a system which, in the case of these campaigns using Covid-19 themes, is mostly info-stealers, ransomware, and RATs (Remote Access Trojans), a type of malware that allows hackers to monitor and control a computer or network. We believe that in times like these we have a lot of people tapping into their savings and bitcoins and actively engaging in e-commerce; this is a trend that cybercriminals want to leverage to increase their chances of stealing personal credentials.
Is any industry or region more heavily targeted and why?
Countries that have been heavily hit by the pandemic seem to be the most likely targets. As expected, industries involved in the immediate response to the pandemic are targets as well – especially if those companies operate in a country that has been hit hard by the pandemic. Critical services, such as gas, oil, and power plants, have also seen a fair share of these attacks.
What can companies and individuals do to protect themselves?
Companies should focus their efforts on cybersecurity user awareness training, as well as creating and maintaining a cybersecurity mindset throughout the company in every process and interaction, whether personal or corporate. Having a robust email security solution with a sandbox can also stop these threats at the network perimeter. Not allowing these phishing emails to propagate and reach users’ inboxes in the first place is ideal. Now that many companies have settled into their new remote worker environment, it’s time to go back through all of the changes that were made to close any security gaps that may have been introduced.