14 May 2020
Sandro Bucchianeri, Absa Group Chief Security Officer.
Sadly, it’s not only the virus that’s spreading - the current pandemic is providing ample opportunity for cyber criminals to accelerate their efforts. The increase in Covid-19 related domains since January is, in itself, testament to possible increased criminal activity. This, coupled with growing uncertainty and widespread panic, creates the perfect environment for criminals to exploit vulnerable targets. Here are some of the current trends as well as possible measures to address the latest tactics…
1) Escalating phishing scams
The South African Banking Risk Information Centre (SABRIC) recently warned customers about a significant increase in phishing scams. Citizens are being manipulated into clicking on malicious links via emails and SMSes offering Covid-19 info, non-existent vaccines, hand sanitisers and masks, and then being persuaded to hand over personal data. Of course, this culminates in identity theft, and bank accounts being accessed and compromised. These emails also often contain documents embedded with malware that can access files, monitor user keystrokes and, worse yet, encrypt your entire hard drive.
Criminals are also successfully managing to spoof the website domains of credible institutions such as the World Health Organisation (WHO) or government departments, convincing recipients of the authenticity of the email's Covid-19 related content. Bottom line: if there is a sense of urgency or a “too good to be true” offer, it is probably a hacking attempt. Take the time to authenticate senders and websites, don’t click on any suspicious links and immediately delete any emails or text messages that seem unusual.
2) Fake apps
One of the most prolific malicious apps doing the rounds is an application claiming to provide real-time Coronavirus info, including statistics and heat maps. However, unbeknown to the user, the app contains sophisticated malware now dubbed “CovidLock”. This encompasses a screen lock attack, where users are denied access to their phones through the prompting of a password change. Once hackers have full control, victims are requested to pay across $100 in bitcoin, within 48 hours, to obtain a decryption code to unlock their phones. If they don’t comply, they are threatened with having their photos, contacts and data deleted or having their social media accounts exposed. The best way to avoid this is to not trust apps from unknown third parties; rather, download vetted applications from official platforms such as Google Play or Apple Store.
3) Capitalising on remote workers
During this period, non-essential workers who are able to have had to resort to remote working - our reliance on technology has never been greater. This dependency naturally provides ample opportunity for cybercriminals to benefit. A number of employees have received emails (seemingly from employers) providing false links to cloud repositories or company email platforms, where hackers can easily obtain login credentials and access confidential business information. Criminals are also creating fake company purchase orders and invoices for sanitisers or other supplies, conning employees into transferring money to fraudulent accounts.
What’s more, with so many employees accessing (often unsecured) virtual private networks (VPNs) from home, company servers are also more susceptible to crypto malware. Here, hackers encrypt servers, demanding bitcoin in exchange for access. It also stands to reason that, with the increase in remote video meetings taking place, hackers are certainly getting creative. “Zoombombing” is occurring more and more, with hackers “gate crashing” Zoom meetings, taking control of screens and showcasing pornographic or violent images. Not only are government departments and businesses vulnerable to these specific tactics, but they also run the risk of having confidential information fall into the wrong hands.
Make sure you don't share meeting links, PINs, or screenshots with anyone outside of those attending the meeting, and definitely not on social media; always ensure that a strong password is required to join; set up waiting rooms in order to control attendance; and ensure that only hosts are able to share their screens. These vulnerabilities also speak to the need for companies to develop appropriate security measures and protocols for remote working.
Ultimately, cybercriminals are taking full advantage of the prevailing fear, uncertainty and doubt. Unfortunately, we are not just fighting a devastating global virus impacting the lives of billions, but we are also fighting sophisticated individuals intent on gaining financially. Second-guess everything you receive around Covid-19 and consult official channels for up-to-date and accurate information.