Virtually preying on fear of the pandemic

The Covid-19 pandemic isn’t just real, it’s virtual as well. Earlier this week, the Computer Emergency Response Team-India from the office of the ministry of home affairs issued an advisory regarding a potential ‘cyber offensive attack from the Chinese army’. In the guise of a free Covid-19 test, “the Chinese cyber warriors” could be carrying out a massive phishing attack, warned the advisory, and asked people to be on the lookout for IDs like ncov2019@gov.in with the email subject line: Free Covid-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad. The malicious group claims to have 2 million individual email addresses, said the advisory.

As the number of people infected with the coronavirus rises so does the fear surrounding the pandemic, which, say cyber security firms, is exactly what malware creators are preying on. The firms warn of the increasing number of ‘infections’ online since February. “We are seeing an increasing trend of threat actors targeting enterprises with complex viruses, Trojans, and even ransomware,” says J Kesavardhanan, founder and CEO of K7 Computing, a malware prevention and antivirus software which released a report on cyber threats earlier this week. “Covid-19 apps infected with malware are rampant.”

Take for instance, the Ginp Trojan. It disguises itself as the app “CoronaFinder” and promises to provide the location information of virus-infected people around the user on payment of a small amount. It instead opens a webpage called coronavirus finder and asks the user to input data to make the transaction. However, once the user enters the card details, it steals financially-sensitive information. Another coronavirus-themed app promises safety masks, but, instead, reads contacts and sends SMS to all, resulting in an amount of significant charge for the sender.

The K7 report observes that from February to mid-April, there was an upswing in Covid-19 related website visits in Tier-1 and Tier-2 cities of India, but Tier-2 and Tier-3 cities had faced the major brunt of Covid-19 themed attacks. In April, Google reported that it had blocked around 18 million Covid-19 themed malware and phishing campaigns daily. Alongside, it was also filtering out roughly 240 million Covid-19 themed spam messages every day.

By impersonating primarily healthcare, research and government industries such as the World Health Organization and The Centers for Disease Control and Prevention, dangerous malware is being dropped onto devices, says Kesavardhanan. He says, there have been instances where malicious Android apps claiming to be legitimate coronavirus tracking apps dropped ransomware on the user’s device and demanded payment to restore access to the device.

During this period, the K7 engine had processed almost 1,78,000 URLs visited by K7 Security users which are all Covid-19 related, of which about 1,700 unique domain names explicitly refer to the pandemic. “While several of the URLs are legitimate, the volume of Covid-related traffic demonstrates how easy it would be for cybercriminals to get victims to visit fake sites during this period of stress and fear,” says Kesavardhanan. Of the URLs mentioned, more than 60 are confirmed malicious.

A report released in April by Chennai-based Cyber Security Works analysed 4,829 vulnerabilities spanning across technologies from 1999 to February 2020. “We selected the best technology vendors in each category, based on ratings by Gartner and Forrester,” says Ram Swaroop, president and co-founder. “Our study showed that database, online conference and back-up and storage technologies had the largest number of vulnerabilities. Also, vulnerabilities increased since 2015.”

Scans, says Swaroop, sometimes miss these vulnerabilities which can then be weaponised or exploited. “And now with most companies in 100% work-fromhome situations, the threat is large,” he says.

Experts at K7 Labs predict that the number of Covid-19 themed attacks and complex Trojan attacks will continue to increase in the next quarter, as novel techniques are deployed to take advantage of human error. To protect one self, cyber security experts advise strengthening of cybersecurity measures and awareness of cyber hygiene, especially for larger firms. For personal users, security scans, ensuring good digital health by verifying before clicking on emails with hyperlinks and those asking for personal details, are essential.