Ex­perts warn against phish­ing at­tacks

Hindustan Times (Jalandhar) - - HTSPOTLIGH­T - HT Corre­spon­dent letters@hin­dus­tan­times.com

NEW DELHI: Mil­lions of In­di­ans could be tar­geted by fake emails, so­cial me­dia posts or texts mes­sages re­lated to Covid-19 in or­der to steal their cre­den­tials or com­pro­mise their com­put­ers, In­dia’s of­fi­cial cy­ber­se­cu­rity agency Cert-IN said in an ad­vi­sory up­loaded on Fri­day, cit­ing a re­port from in­de­pen­dent re­searchers who said the at­tack is be­ing planned by North Kore­abased cy­ber crim­i­nals.

The alert is the lat­est in a se­ries of warn­ings from cy­ber­se­cu­rity firms across the world about hack­ers ex­ploit­ing in­ter­est in the coro­n­avirus disease pan­demic to lure peo­ple into click­ing on fake lo­gin pages or down­load­ing ma­li­cious files that could cre­ate a back­door in their com­put­ers.

“The phish­ing cam­paign is ex­pected to im­per­son­ate gov­ern­ment agen­cies, de­part­ments and trade as­so­ci­a­tions tasked to over­see the dis­burse­ment of the gov­ern­ment fis­cal aid,” the ad­vi­sory by Cert-IN (In­dian Com­puter

Emer­gency Re­sponse Team) said, cit­ing a re­port by Sin­ga­pore­based cy­ber­se­cu­rity firm Cy­firma.

Such cam­paigns usu­ally have a fi­nan­cial mo­tive since ac­cess to a per­son’s email ac­count or their com­put­ers in en­tirety could al­low the cy­ber­crim­i­nals to break into peo­ple’s bank ac­counts.

The po­ten­tial for dam­age “is im­mea­sur­able”, Cy­firma’s CEO Ku­mar Ritesh said in re­sponse to ques­tions over email. “When PII (per­son­ally iden­ti­fi­able in­for­ma­tion) is stolen, im­per­son­ation will take place where hack­ers can use your iden­tity to com­mit all sort of crimes, or in­fil­trate cor­po­rate sys­tems. For this par­tic­u­lar phish­ing cam­paign, hack­ers are look­ing per­sonal de­tails / PAN no / communicat­ion ad­dress / health con­di­tions,” he added.

Ac­cord­ing to Cy­firma’s re­port, the at­tack is yet to be­gin and could in­volve two mil­lion email ad­dresses that the cy­ber ac­tor – iden­ti­fied as the well-known Lazarus group -- seem to have. The hack­ers, in par­tic­u­lar, plan to cap­i­talise on an­nounce­ments of fi­nan­cial aid “to lure vul­ner­a­ble in­di­vid­u­als and com­pa­nies into fall­ing for the phish­ing at­tacks,” it said. Some of the other emails may pre­tend to be from author­i­ties and of­fer peo­ple to sign-up for free Covid-19 test­ing.

“As of time of re­port­ing (18 Jun), we have not seen the phish­ing or im­per­son­ated sites de­fined in the email tem­plates. But our re­search shows the hack­ers were plan­ning to set that up in the next 24 hours,” the re­port said.

It was un­clear how the email ad­dresses of the In­dian tar­gets were com­pro­mised. “But it is fairly easy to scrape and steal email ad­dress from so­cial me­dia and other plat­forms...,” Ritesh said.

The cam­paign was also plan­ning to tar­get peo­ple in US, UK, Ja­pan, Sin­ga­pore and South Korea, it added. The anal­y­sis car­ried pur­ported screen­shots of some of the phish­ing emails, which showed the text ap­peared to be signed by gov­ern­ment of­fi­cials. The mails could be sent through spoofed ad­dresses – one of the ad­dresses it could be from is ncov@gov.in – and could in­clude links or files that can de­liver ma­li­cious code.

Some of these at­tacks in­volve state-based ac­tors, and cy­ber threat an­a­lysts have high­lighted the risks In­dian cit­i­zens face due to in­ad­e­quate data pro­tec­tion safe­guards.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.