June 17, 2020
With the spread of novel COVID-19 across the globe, threat actors are ramping up their efforts by leveraging public fear and frenzy to gain financial benefits with the help of phishing and malware attacks. Many fake websites, disguised as sites dedicated to reporting health and government news and updates related to COVID-19, were reported by domain security research groups. One website claiming to be associated with a reputed medical and healthcare agency provided a list of new cases containing corrupted links. When clicking on the links, users would be redirected to malicious websites that would automatically download and run the malicious executable file. The premise that encourages the attackers to believe in the success of their plan is the people’s psychology to make bad choices under the influence of panic and fear. Some approaches also consider and attempt to prey on the altruistic nature of some individuals, for instance, a phishing mail reported by The Sydney Morning Herald requested bitcoin donations by disguising themselves as CDC volunteers.
As the public is extensively relying on the internet for information and advice about this pandemic, they unknowingly fall victim to phishing scams that were designed by threat actors. A spike in multiple phishing cases and hacker activity has been noted during the global strike of the novel coronavirus. The Sydney Morning Herald also reported a 130% increase in Smishing messages. Many cybersecurity institutions have reported the rise in email scams meant to target healthcare workers to obtain personal and financially damaging information.
Phishing attacks by themselves do not benefit threat actors much, but what comes after this attack is. Phishing emails are usually followed by other attacks, majorly the ones that directly yield financial gains such as ransomware, malware installations such as bots, cryptomining, etc. The current COVID-19 pandemic is being utilized by these attackers to spread both false and legitimate information to arouse users’ curiosity and prompt them into clicking links or downloading malicious apps or attachments. Threat actors are using different modes of phishing attacks to lure a wide spectrum of users.
The occurrence of phishing was not uncommon before the havoc of COVID-19, but now that many organizations are busy combating the spread of this pandemic, threat actors are trying to exploit the constrained manpower and resources committed to combating cyberattacks. Cybersecurity is also dependent on many other branched sources and processes to form a network of security operations; thus, the closure of any one vertical will hit the efficiency of the entire network.
This is the first and the most prominent stage after the intrusion attack step. The user’s information, such as usernames and passwords are stolen through malware such as spyware that can steal the data from the user’s device without their consent or knowledge. Rootkits dropped from malicious websites can also help attackers to sniff the user’s device and network for important data.
This is the latest trend that is used not only by hackers but also by some freemium applications or websites that try to justify their actions by stating their advertisement-free service. While some cryptomining malware, also known as crypto jacking programs, target laptops and desktops to mine cryptocurrency, others target smartphones and tablets. Kaspersky Labs dubbed one of the more powerful cryptomining/cryptojacking malware programs as Loapi, which is designed to hijack the processor of an Android smartphone to mine cryptocurrency, and is intensely invasive to overheat the phone’s battery, hence damaging the device physically.
Cryptomining may seem a malicious technique used by a hacker but, in fact, is the official and legitimate method of transaction authentication involved in the blockchain process of bitcoin. As Bitcoins are cryptocurrencies used for online transactions, not regulated by any government organization, the question arises as to how these currencies are valid. Well, just like any currency (which is made of materials like paper, plastic, and/or metal) — which in itself has no value but represents the trust in the government or economy of the society —Bitcoin is regulated by many crypto miner groups (in millions) across the globe, hence making trust one of its core values. When Bitcoin transactions happen online, the transactions are recorded in the blockchain ledger. The hackers usually steal bitcoins by gaining access to the victim’s digital wallets
Also known as cookie hijacking. It occurs when an attacker gets control of cookies being exchanged between the user and the webpage. Cookies are generally used by webpages to monitor user experience and contain important information about the user which when hijacked by the attacker can be misused to create a man-in-the-middle attack (MITM), where the attacker smuggles the packets being exchanged between the user and the website in such a way that the website thinks the hacker’s computer to be that of the user and the user thinks it to be part of the website. Session/cookie hijacking also leads to financial data loss as many cookies tend to record the user credit/debit card details and passwords for flexible user experience.
The prevention of the described issues for a non-technical person can only begin with learning and understanding through anti-phishing education and awareness training with revolutionary strategic security solutions like Aware, which provides security awareness training to help employees defend against various cyberattacks, including phishing. Simply knowing about phishing theoretically may not be entirely sufficient because, even if a person knows that email phishing is done via sending malicious/spam emails, he or she may not be able to differentiate between a benign and malicious email when faced with an actual phishing email. Thus, it is important to have practical experience in dealing with phishing attacks. Aware provide phishing simulations that mimic real-life attack scenarios, such as COVID-19 phishing scams, by sending employees phishing emails to gauge their level of susceptibility to phishing attacks. Based on those results, tailored education and mitigation knowledge will be provided to individuals who have failed the simulated phishing tests.
As the user is the first line of defense against any cyberattack, the knowledge on how to tackle phishing attacks is the most vital. Anti-phishing education can not only help to educate the employees of any organization to recognize and tackle phishing mails, but also assist the IT and technical staff to further strengthen their organization’s security against phishing. Though every vendor has its regime in its course, the basic elements taught are:
A. Spear phishing is a targeted attack where the attacker researches the victims before sending a personalized message or email.
A. Blockchain is described as a distributed and decentralized ledger where all members of the blockchain are aware of all the previous blocks as well as any new blocks.
A. Session hijacking is an attack over user sessions by masquerading as an authorized user. Generally, it applies to browser sessions and web applications hacking.