Healthcare was an expected target of cyber-criminals riding on the Covid-19 scare wave. However, finance and education sectors were also badly affected, according to a threat assessment by McAfee.
Several malicious Android applications were abusing keywords connected to the pandemic. An app called “Corona Safety Mask” was using its SMS access permission to send scam messages to the victim’s contact list. In a recent post on a dark web forum, an individual who claimed to have recovered from Coronavirus offered to sell his blood.
Raj Samani, chief scientist at McAfee, explains the situation to SC Media UK.
SC: Cyber-criminals are known to be highly responsive to current developments when it comes to making their attacks timely. How different are Covid-themed attacks?
RS: "Cyber-criminals are constantly looking to make their attacks timely, and Covid-themed attacks are no exception. The use of Covid-19 as a lure does not appear to show any sign of slowing down. More campaigns are coming to light using the global health crisis as a hook to trick people and make money. It is important to add that this landscape is changing daily, and we’ll, therefore, need to constantly monitor the situation to ensure up-to-date and relevant research can be shared with the appropriate authorities."
SC: What were the kinds of attacks you noticed? Who were the intended targets?
RS: "We’ve seen a wide range of Covid-themed attacks, from phishing emails name-dropping the disease to mobile malware offering maps, and even malware named after popular video conferencing services. And now that many employees have moved to remote working from their homes, cyber-criminals will likely target the misconfigurations to cause havoc or use these lures to get victims to open malicious documents to gain access to corporations."
SC: There were many targeted attacks, picking specific regions or limited demographics as targets. According to your observation, is improved social engineering the only factor that has improved the precision of these attacks?
RS: "The volume of threats related to Covid-19 has been significant, with lures used in all manner of attacks and the targeted sectors changing regularly. There is real fluidity in the threat landscape today, as malicious domains come and go very quickly. Equally, the most targeted component changes daily. Spain will be the most targeted geography one day, and the UK takes that place the next day."
SC: Many of the Covid-themed campaigns are popularised on the darknet. Does that mean the people who maintain browsing hygiene are safe from them?
RS: "Good security hygiene and best practice can put up a good defence against many of these threats. Whilst not an absolute defence – and considering nothing ever is – it can minimise the risk posed by the initial entry vector in many cases. If you contrast campaigns against the MITRE model, the suggested outcome indicates that emails/attachments are the most common lures."
SC: The entire world has gone online. They download apps on their home devices to keep up with their work and social life and to share and receive information on Coronavirus. All these create and circulate a huge amount of personal data. Has this helped attackers improve their social engineering process?
RS: "With a larger proportion of the workforce now working from home, previously inaccessible information assets will need to be more available for remote access and use. If employees access corporate networks from pre-infected unmanaged machines without adequate security measures, it creates a much larger attack surface for cyber-criminals and increases the risk of an organisation falling victim to a potential breach or ransomware lockdown. Subsequently, enhanced security measures will be necessary to ensure that information is only made available to those with a clear need to know. For example, strong authentication, data encryption and VPN access will all be vital, as well as collaboration and shared responsibility across the cyber-security industry to detect and tackle threats."
SC: How can individuals, groups and organisations protect themselves and limit the circulation of information about them? Is limiting or avoiding online activities the only option?
RS: "There are numerous ways that organisations and individuals can protect themselves online. Just like we are all fighting to flatten the Covid-19 curve through social isolation and washing our hands more often, we should aim to flatten the cyber-attack surface of our organisations by having proper cyber-security hygiene in place, such as using multi-factor authentication, VPNs, and robust end-point security software."