ATTACKERS USING FAKE COVID-19 LINKS TO STEAL USERS’ DATA
Amidst the outbreak of the Covid-19 global pandemic, hackers and cyber threat actors have increased their notorious activities, targeting vulnerable individuals.
The cyber attackers have taken to new methods to launch phishing attacks to steal valuable information from users’ phones or computers. The attackers are using fake Covid-19 links and information based windows, Covid-19 maps to launch potential attacks and when one clicks on that particular link, all personal information is stolen by the attacker.
The CERT-IN (Indian Computer Emergency Response TeamIndia) has also released several cyber threat perceptions and reported on new methods being used by attackers since the last one week, when the entire nation is under lockdown. The CERT-IN in an advisory said that “threat actors are using new strategies to target victims with scams or malware campaigns.” Some of the new strategies include, using legitimate corporate branding in the name of Covid-19 to send malware to victims, using promotional code “Covid-19” as discount codes to install malware into their system or phones. Once “coronavirus maps” are installed, hackers have access to the victims’ camera and microphone, among others.
The CERT-IN has identified some of malware families being used in the Covid-19 cyber attacks. Some of them include: Agent Tesla, Trickbot, Lokibot, Covidlock, Trickymouse, among others.
“With many organisations asking their employees to work from home during the lockdown, switching to remote working has increased the risk of cyber attacks for both the employee and employers. There is an increase in the number of cyber attacks on computers, routers and unprotected home networks who have switched to remote working,” CERT-IN said in a statement. The organisation has also further altered that cyber criminals are also sending out phishing emails impersonating credible organisations that are seeking donations to fight the Covid-19 pandemic. Work from home has also resulted in the increased usage of video calling and the use of applications that help conduct video conferences and online seminars. One of the most prominent such applications includes the Zoom. However, the CERT-IN, the Delhi Police’s Cyber Crime cell, as well as renowned anti-virus company Kaspersky has flagged security issues with such applications. The Kaspersky laboratory analysis has detected around 1,300 files that have names similar to prominent applications like Zoom, Webex, and Slack. CERT-IN has issued some safety guidelines to protect individuals and organisations from being hacked or their security being compromised while using the Zoom.
Some of these guidelines include keeping the Zoom software up-to-date, using unique and difficult passwords, enabling the “waiting room” feature to be approved by a single call manager, to disable the “join before host” feature. The CERT-IN has also brought to light several fake UPI IDS that are widely being circulated on social media and Whatsapp, seeking donations to the Prime Minister’s Relief Fund and the “PM CARES” fund.
Some of these fake UPI IDS include pmcares@pnb, pmcares@hdfcbank, pmcare@yesbank, pmcare@ybl, pmcare@ upi, pmcare@sbi and pmcares@icici.