As the global COVID-19 pandemic rages, an attendant crisis of coronavirus-related cyber attacks has also proliferated since January. Exploiting people’s fears and uncertainties around the virus, phishing scams, ransomware and trojan attacks have seen a dramatic rise over the last month, say threat intelligence experts.
Since the last week of March, a global coalition of over 2,700 cybersecurity professionals from across the world, including at least 10 Indians, have come together to collectively tackle the onslaught of cyber attacks that play on COVID-19-related themes.
Known as ‘COVID19 Cyber Threat Coalition’, the network, a privately driven one with no State involvement, began to take shape around 19 March, under the coordination of Joshua Saxe, chief scientist at British IT security company Sophos.
The primary mission of th coalition is to rapidly share information about ongoing attacks, phishing scams and create a framework for organisations to quickly defend themselves and authorities to quickly take down the offending websites or IPs.
The number of individuals who have tested positive for the novel coronavirus has crossed 1 million globally while India, too, has suffered a sharp increase with over 4,400 found positive as of 7 April.
Speaking with The Quint, Saxe, who spearheaded the Coalition, said he decided to start the COVID19 Cyber Threat Coalition when he “realised how important cybersecurity would be as our societies struggle with the novel coronavirus pandemic.”
Saxe said he decided to start the COVID19 Cyber Threat Coalition when he realized “how important cybersecurity would be as our societies struggle with the novel coronavirus pandemic.”
“I realised that while I’m not a healthcare professional, donating my skills as a cybersecurity professional could be of genuine help not just in my country (the USA) but around the world,” he added.
The global coalition also consists of threat intelligence professionals from the private sector in India. Yash Kadakia, founder of Security Brigade, a Mumbai-based cyber security company, was among the early ones to join the network.
“I’ve actually never seen something of this scale roll together this quickly and that too completely powered by folks and organisations volunteering resources,” Kadakia told The Quint.
“Folks have also broken into smaller groups to tackle specific problems, deployed different platforms to help integrate and correlate all the different threat intelligence being shared by everyone across the world,” Kadakia added.
How Bad Are COVID-19 Related Cyber Attacks?
Security experts describe the cybersecurity threat posed by COVID-19 related attacks as a ‘grey rhino’: a highly probable, high impact yet neglected threat in security parlance.
“COVID-19, the grey rhino, as we call it in risk management terms, has impacted every country, economy and daily life including that of a wage worker and a large corporation, not forgetting human health across the world,” said Hersh Shah, CEO, GLECO, Institute of Risk Management (UK) India Affiliate.
According to Check Point Software Technologies, a multinational IT security company, 2,600 coronavirus-related cyber attacks occur each day, on average. The attacks peaked on Mar 28 at 5,000.
Between mid and end March 30,103 new coronavirus-related domains registered. Of these, 131 have been found to be malicious, 2,777 suspicious. Over 51,000 coronavirus-related domains have been registered since the the start of COVID-19 pandemic.
“It is clear that hackers have increased their activity as they look to capitalise on the crisis. It has even been reported that hackers have tried to break into World Health Organization, which has seen a two-fold increase in cyber attacks,” said Smit Kotadiya, Cybersecurity Evangelist, Check Point Software Technologies.
Kadakia warns that it is highly probable, “we will see a big boom in data leakages that will happen over the world over the next couple of months.”
Stock Market Related Cyber Scams Pop Up
Threat intelligence experts who are working as part of the global coalition identify stock market and financial institutions-related attacks as another major area of concern.
Both, in India and in other countries, phishing and ransomware attacks which mimic mails from broking or trading companies have already surfaced.
“We anticipate more of the same and at increasing prevalence, but as the global recession takes hold, we anticipate more phishing scams that mimic financial relief agencies and attempt to steal bank credentials,” Saxe told The Quint.
To combat these emerging threats, Saxe said the Coalition is “using a combination of Slack, Alienvault Open Threat Exchange, and custom cloud virtual machines to coalesce, process, and share intelligence,”
“ We have global law enforcement representation on our steering committee and pass relevant intelligence on to them so they can take action,” Saxe added.
“I received a notification from my trading app warning me to not click on any links from messages I may have received,” said a Mumbai-based professional.
Kadakia, confirming this threat, said one of his clients who works in the stock market space had a very active attack in March. Combining the stock market crisis with the virus scare will spur a rise in these attacks.
How Vulnerable Are Indians Working From Home?
An additional factor that experts see as contributing to the large-scale attacks is also a shift to working from home for most companies across the world.
“Typically you are working from office you protected behind that corporate firewall,” said Kadakia, adding, “You would not have a firewall at home, or end-point protection or monitoring or something of this sort that would typically be in an office set-up.”
Given that India’s population is under lockdown, “it means there is going to be a significant increase in consumption of internet services especially during non-peak hours which will provide an opportunity to cyber terrorists to conduct large-scale cyber attacks,” added Shah of Institute of Risk Management (UK).
Experts say the risk for India in general is higher compared to other technologically advanced nations. According to the ‘7 Uncomfortable Truths of Endpoint Security’ by ‘A Sophos report’, 76 percent Indian companies in India were hit by a cyber attack in 2018-19 as compared to 68 percent globally.
“From an IT security perspective, we definitely don't have expertise in properly detecting, investigating and responding to large scale security incidents either,” Shah added.
How to Be Safe From These Attacks
Beware of lookalike domains. Watch for spelling errors in emails or websites, and unfamiliar email senders.
Be cautious of unknown senders. Watch for files received via email from unknown senders, especially if they prompt for a certain action you would not usually do.
Beware of “special” offers. “An exclusive cure for coronavirus for $150” is usually not a reliable or trustworthy purchase opportunity. At this point of time there is no cure for coronavirus and even if there was, it definitely would not be offered to you via email.
Be more careful on social media: Social media is filled with third-party applications. Ensure you think twice before downloading any random application on your phone and laptop. There is a sudden increase in gaming app companies flooding your screens with tempting ads to kill boredom and enjoy social distancing. Be careful about the credibility of the game developer.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)