-with Gregory E. Bautista
FUELING the fears caused by the pandemic, cybercriminals are using the World Health Organization to trick the unwary into turning over sensitive personal information.
At an online webinar and press conference last week, Kaspersky director for Global Research and Analysis Team (GReAT) Asia Pacific Vitaly Kamluk said that cybercriminals have been using a series of tools including crawlers, self-executing files, as well as tried and tested social engineering tactics in order to execute their dastardly deeds.
“Is the pandemic only a physical threat to us or has the virus become a threat in cyber domain too? Any big trend or any big event on the physical world will always have a reflection on the cyber domain,” Kamluk observed.
The online webinar, dedicated to media from the Asia Pacific (APAC), began as a study session where Kamluk noted how COVID-19 has disturbed the normal IT ecosystem of organizations regionally and globally. In both theaters, cybercriminals also operated differently. At center stage worldwide is the World Health Organization.
“The World Health Organization was a particular favorite of cybercriminals. Simply because sending emails with a WHO logo can fool people into donating money, or surrendering credit card information,” Kamluk said, responding to a question from Malaya Business Insight.
Variations to a scam
The top topics used to scam people through variations of the WHO email, whether by using its logo, the names of its officials or websites that appear to be legitimate WHO sites, include fake government orders, money reimbursements coming from the government or an employer, and the promise of a vaccine for which a downpayment is required.
Taking advantage of the fear of the virus, scammers fool people into using their credit or debit cards to pay for offerings such as home test kits, certain virus infection tracking apps for mobile, investments and stock offerings for cures and vaccines, medical supplies that are in high demand, such as face masks and sanitizers, and government financial support initiatives in relation to DOLE or DSWD issuances, for example.
Cybercriminals even impersonate celebrities or medical staff to mulct “donations” that are allegedly to be used for charities and medical institutions.
Falling for simple tricks
Intensified social engineering attacks during the global chaos are a result of more people falling for simple tricks. Cybercriminals are well aware of it. Kaspersky researchers have detected seven-year-old malware in Vietnam and in some countries in APAC, resurrected through its automated behavior and made relatable just by adding “hot phrases” related to the current coronavirus situation.
Kamluk showed a couple of examples that prove how cybercriminals are unethically riding on the pandemic. He also noted that cybercriminals keep on exploring other means to infect users, such as avoiding the usual .zip and .rar files which are usually blocked by security solutions.
Work at home issues
Kamluk also said that though working from home is highly favorable, the different modes of working and the various technologies used also open up vulnerabilities.
He pointed out that the many forms of quarantine measures resulted in more staff bringing work computers to arguably unprotected home networks. This trend of working from home widens the attack surface cybercriminals can exploit. It also turned what was usually a consumer protection matter into an enterprise concern, as an increased number of employees access their companies’ assets and networks through their vulnerable personal devices.
Cutting budgets
It is also understandable that companies have had to proactively cut budgets and choose cheaper cybersecurity solutions, and have lost the ability to do incident response on location in case of a cyberattack.
“The government measures affect the cybercrooks, as well, because they are humans, too. They have to stay at home. I am not sure if they go to office but they also have to take care of their everyday living, like restock their food supplies, running around looking for popular demands such as toilet paper. These did affect their business for sure as we see the number of blocked threats went down,” Kamluk concluded.
Hope amid the pandemic
While cybercriminals will continue to use the pandemic for their financial gain and personal interest, Kamluk also shared how cybersecurity professionals are uniting to stop the online crooks in their tracks.
He shared information about the COVID-19 CTI League, a non-profit, voluntary focus group Kamluk set up himself. It is made up of more than 150 different individuals and organizations across the globe which try to take down fake websites, detect coronavirus-related malware, as well as offer incident response in case of an attack. Kaspersky is part of this group, alongside other researchers and individuals from the government, academia, and private organizations.
Bitscout can also help with the challenge of responding to an attack. It is a free, open-source tool developed by Kamluk himself for all people interested in digital forensics and cyber investigations. It aims to help organizations, especially law enforcement agencies, conduct incident response and analysis without traveling.
Find out more about Bitscout here: https://bitscout-forensics.info