With the growing security risks in the remote working world, many companies are still unprepared for cyber attacks. While most of the employees continue to work remotely, organisations are juggling between multiple virtual applications to sustain/maximize employee’s productivity and issues of system security. The risk management teams of every organisation need to be more vigilant now than ever.
Since the beginning of the pandemic, experts have noticed that a lot of pattern and methods of attack have changed, as they are now more directed towards specific sectors like healthcare, pharma and other sectors which are vulnerable due to the virus. But, the driving force behind most of the attacks remained economic gain through fraudulency.
Due to the mass adoption of a remote workforce for business continuity, organisations have had to make rapid decisions to increase VPN licensing, provide corporate devices for home use to those who would not ordinarily have them, and adopt new applications without really assessing risk. Over the past few months, most of us have come across several posts/news post on tips for working at home or risks associated with work-from-home (WFH), but what remains is a question on how has this situation influenced the attacker?
This is an interesting question. From what is understood, it seems that there may be a degree of moral code under certain ransomware groups. While most of the groups seem to have pledged not to hit hospitals or pharmaceuticals until the COVID-19 situation improves, there are some malware groups which are still actively targeting hospital systems to exploit the situation.
Here are some techniques being used by attackers:
While social engineering attacks have been happening since the dawn of the digital age, there are many tools at the disposal of the social engineer.
Manipulating the social paradigm shifts in work-from-home situations allow attackers to socially engineer people who have let their guards down and accept more risk than normal. With more WFH scenarios, all facets of social engineering need to be defended against this.
Fraud and disinformation campaigns are happening at an increased pace to take advantage of the global pandemic. The tools which social engineers use are varied to include phishing, vishing and smishing.
There a lot of non-technical people communicating over Zoom and during the virtual meetings and happy hours, users often change their backgrounds to lighten the mood. This is an opportunity for an attacker who can easily create a website that promises and perhaps includes downloadable Zoom backgrounds while delivering malware at the same time.
Another example of the COVID-19 changing our behaviour is in the number of home delivery orders being placed. Of late, these delivery orders have become a necessity, and e-commerce and e-delivery companies have mentioned that the increased demand can impact the timeliness of the deliveries. This creates a big opportunity for an attacker. There is a higher probability that users who receive phishing emails regarding their delivery packages being delayed would actually have open orders. This would increase the likeliness of a user to click the link.
These are just two phishing examples of how attackers take advantage in the change in behaviour that has come with COVID-19. Many other phishing scenarios are becoming more prevalent and more damaging, and with the pandemic situation rapidly changing, there will be more hypothetical information to phish against, and there will be new techniques, tactics and procedures for more advanced phishing campaigns.
There is an increase in this type of social engineering in the COVID-19 world. With the ready availability of burner apps and the ease to spoof caller IDs, these types of social engineering attacks are easy to execute, and are unfortunately highly successful, depending on the demography of the victim. The main objectives are fraudulency and identity theft.
Smishing, or SMS phishing, is on the rise and is one of the easy ways to entice vulnerable victims. Attackers are sending SMS messages for members of society to pre-emptively receive stimulus as shown below.
Additionally, fake COVID-19 smishing is occurring where the intended victim has been in contact with someone who is infected as shown above. This is especially dangerous as the government and agencies are ramping up contact tracing as an important part of a restoration of normal society.
The author is Chetan Jain, Director at Inspira Enterprise. Views are personal
Tags:Covid-19 Cyber Security views