Opportunistic criminals ramp up cyber-attacks during challenging times

While the world is paralysed by fear and heavily distracted by COVID-19, cybercriminals seem to have focused their attention on the WHO (World Health Organisation). Responsible for directing international public health within the United Nations, the WHO has as its primary objective ensuring that all countries are advised on correct health procedures and are fully up to date on the health risks and threats facing the world.

Cybercriminals are seeking out ways to use the COVID-19 threat to mimic WHO and gain access to sensitive information, while taking advantage of panicked citizens the world over.

The Cyber-Attack on World Health Organisation

On the 13th of March 2020, cybersecurity researchers noted that a malicious site was set up mimicking the WHO internal email system. The main objective of this site seemed to be the theft of user names and passwords. Due to the nature of the attack, which seems focused on healthcare and humanitarian organisations, it appears that the hackers don’t have a financial motive in this instance, but rather an intent to gather data and intelligence.

Cybersecurity officials responding to the attack confirm that it was thwarted and suggest that the cyber-attack was possibly linked to nation state officials seeking intelligence. The source of the attacks was neither claimed nor confirmed, but it is clear that the objective was to gather information on tests, vaccines, and cures for the Coronavirus.

There is some suspicion that DarkHotel, a group first detected in 2014, was behind these attacks. The group is known to target corporates and diplomats using luxury hotel Wi-Fi networks.

The WHO Warns of Malware Scam

Since the onset of the COVID-19 pandemic, the WHO has been the target of many scams.

Cybercriminals have sent out a plethora of emails pretending to be WHO officials. These emails warn of the dangers of COVID-19 and ask recipients to click on a link or open an attachment. Unfortunately, the communications are scams, an easy way to get concerned readers to unwittingly install HawkEye key-logging malware on their device.

Criminals Ramping Up Scamming Efforts

Cybercrime professionals have noticed that opportunistic criminals are setting up COVID-19 themed websites at a rate in excess of 2 000 per day. There has also been an increase in botnet-driven emails with malicious intent doing the rounds.

Protect Yourself

Fear surrounding the pandemic is being used to launch phishing and malware attacks the world over. Now more than ever before you need to protect yourself and your data, remain vigilant, and never interact with unsolicited emails received from health officials. If you do receive such an email, make contact with the organisation to confirm the legitimacy of the email and communication.

In times of uncertainty, while criminals increase their efforts, it is important for citizens of the world (not just SA) to be vigilant, cautious and careful. Protect your personal data by erring on the side of caution.

Hackers don’t break in; they log in

When we think of hackers, we tend to visualise clever online criminals who use sophisticated software to decode or crack passwords and gain access to accounts. In most instances this just isn’t the case, as many people unwittingly hand their password over to a hacker without even realising it.

Cybersecurity officials are faced with the same reality: passwords are being stolen and advanced hacking tools are not always needed.

How it happens

So, how does a hacker get access to an employee’s user name and password? We take a look at the most common methods below:

  • Phishing emails

One of the most common ways for a hacker to get a password without using technology is to ask for it. Yep, it sounds awfully easy, but one thing you need to realise is that for an experienced hacker, it is as simple as that.

Phishing scams are the most prominently used form of password acquisition. They require no software, but rather involve a hacker pretending to be someone trustworthy or an official person. The hacker usually makes contact by email or telephone and tells a very convincing story.

The email signature may include the company’s correct telephone numbers and website address, tempting people into trusting the communication.

During a one-on-one conversation about the specific account, the “official” (who is actually an opportunistic hacker) will request bits and pieces of information from you such as your username, your card number, your account number, your ID number and so on.

At some point in the communication, you may receive a link to a website where you are required to input your user name and password. Of course, the hacker now has the user name and password and can then use the employee’s account to send out seemingly trustworthy communications, authorise transactions, and carry out various functions on business systems while flying under the radar.

  • Typosquatting

Typosquatting is a form of phishing that was “big” a few years ago. For quite some time it fell away, but trends show that cybercriminals are revisiting this type of phishing.

The cybercriminal imitates a company’s domain by registering website addresses that are very similar to the original website address. If you are attentive to detail you might notice spelling errors in the website address before you click on it! However, if you don’t pick this up and visit the website, it will look almost identical to the official website. At this point you will be asked to log into your account by inputting your username and password, which is how the hacker receives your password.

  • Spear Phishing

Spear phishing is another type of phishing where the hacker creates fake social media pages or online blogs in the name of their persona. The cybercriminal will put in a considerable amount of effort adding mutual friends and populating the pages in order to make the page look more trustworthy and reliable.

This type of phishing is used to give a persona credibility which then makes it easier for the criminal to communicate with victims and deceive them into sharing personal information.
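A defensive check for the typosquatting case described above, as an added example that is not part of the original article: it compares the host in a link against a list of trusted domains and flags near-misses such as a swapped, missing or look-alike character. The domains in `TRUSTED`, the `CONFUSABLES` table and the sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: constructed placeholder domains standing in for an organisation's real sites.
TRUSTED = {"example-bank.co.za", "example.org"}
# Small illustrative subset of look-alike substitutions, not a complete table.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def skeleton(name):
    """Collapse look-alike characters so 'examp1e' and 'example' compare equal."""
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap adjacent) needed to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def check_link(url):
    """Return (verdict, trusted domain it matches or imitates) for a link's host."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    for domain in TRUSTED:
        if host == domain or host.endswith("." + domain):
            return "trusted", domain  # exact match or genuine subdomain
    labels = host.split(".")
    # Try each label suffix (login.x.co.za, x.co.za, ...) against each trusted domain.
    for start in range(len(labels) - 1):
        candidate = skeleton(".".join(labels[start:]))
        for domain in sorted(TRUSTED):
            limit = 1 if len(domain) < 8 else 2  # short names: stricter threshold
            if edit_distance(candidate, skeleton(domain)) <= limit:
                return "lookalike", domain
    return "unknown", None

if __name__ == "__main__":
    # Constructed sample links, as they might appear in an email body.
    for link in ("https://www.example-bank.co.za/login",
                 "https://examp1e-bank.co.za/login",
                 "http://login.exmaple-bank.co.za/",
                 "https://exarnple.org/reset"):
        print(link, "->", check_link(link))
```

A verdict of "unknown" only means the host does not resemble a trusted domain; it says nothing about whether the site is safe.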

The Reality

The reality is that sophisticated hackers don’t actually need sophisticated software to get your user name and password. Most often, they rely on clever trickery to get you to unwittingly hand over your password.

In essence, a hacker merely needs to have basic web design skills (to create website log in pages), social media skills (to create credible SM pages), and an educated and well-spoken approach to communicating either online or telephonically.

What Can You Do?

Doing regular data backups to a cloud based service that offers data encryption will keep your sensitive information safe, especially if your device or system is hacked and your data is breached. You should also be aware of:

  • Any emails requesting that you change your user name and password by clicking on a link. In this instance close the email, look up the official contact details of the company (do not use the details listed in the email) and make a personal enquiry into the legitimacy of the email.
  • Links and attachments in emails, even if the source seems legitimate. Unsolicited emails might not raise a red flag in your mind, but they should.

Ensure that:

  • You have up to date anti-virus software and firewalls in place to flag suspicious behaviour on the device.
  • You update your software and systems regularly to ensure that any bugs and vulnerabilities are consistently patched and eliminated.

Take responsibility for the safety of your data and take action

Educate your staff members on the risks of cyberattacks, phishing and hackers, and always have an alert and aware approach.


Coronavirus helps cyber-criminals spread their own viruses

To illustrate just how opportunistic cyber-criminals have become and how much integrity they lack, let’s take a look at the latest trend of using fears of contracting the Coronavirus to spread digital viruses. If you just read that and thought “what?” don’t worry, you aren’t alone. It’s rather astounding that criminals would stoop even that low…but rest assured that they do!

Ever opportunistic, cybercriminals have recognised the social media-induced panic in people and appear to be taking full advantage of the situation by sending botnet-driven emails that include malware and viruses.

The latest cyber-threats have seen people receiving emails that imply the attached documents include pertinent information about the Coronavirus.

What do the Coronavirus Cyber-Attack Emails Look Like?

Most cybercriminal-created emails follow a similar pattern – the main objective is to get the reader to click a link or open an attachment.

The subject of the email simply says “Notification” in Japanese. The email signature includes details of the local public health authority and includes the correct telephone and fax numbers, making them seem quite legitimate. The emails are written in Japanese, as the majority of people affected by the Coronavirus are from Asian areas. These are the prime targets.

There seem to be a number of versions of the emails doing the rounds, all of which appear to be sent from a disability welfare service provider operating in Japan. The email states that there have been confirmed cases of Coronavirus in a particular area. It then recommends that the reader opens the attached document for further details. Of course, opening the attachment is a bad idea.

Why is this Email Attack Working?

Social media has played a huge role in creating widespread fear of the virus. At every turn, the Coronavirus has centre stage on all the various social media platforms, which has been a contributing factor in giving the Coronavirus the fame of a global pandemic. As with any contagious virus there comes fear, which leads to a certain amount of fear-induced poor judgement.

Last Word

It’s always important to consider how and why an authority would email you. If you are in doubt as to the authenticity of an email, before clicking on any attachments pick up the phone and call the authority to check if they have in fact sent out a notification.

Don’t be a victim to opportunistic cyber-attacks – think twice before opening attachments and clicking on links if you aren’t certain who the content comes from.

What Exactly are Cybercriminals Looking for?

South Africa is not experiencing cybercrime for the first time. In fact, the general population and businesses have been hearing about cybercrime – and been adversely affected by it – for many years.

Have you ever wondered if you have what a cyber-criminal is looking for? Are your computing habits and behaviours putting you at risk? To answer this question, you first have to know what cybercriminals are looking for in the first place.

Cybercriminals all have an agenda

There’s no such thing as “winging it” as a cybercriminal. There’s a target, there’s a plan, and then there are weeks (sometimes even months and years) of hard work to achieve their goal. Most companies find it impossible to detect a hack attack before it’s too late.

What the Average Cybercriminal Looks for

Industry professionals suggest that cybercriminals are looking for scenarios where their work will be hard to detect. Essentially, cybercriminals are searching for the following:

  • Business plans
  • Innovations
  • Opportunities to connect with partners, investors, shareholders
  • Government links
  • University scientific research

To date, the most reliable method for a cybercriminal to hack these particular types of projects and data is – you guessed it – phishing. It’s a sad reality that people are still unaware that clicking on a link in an email, or opening an unknown attachment to an email, can put them and their organisation at serious risk.

What most cybercriminals do is send out emails pretending to be a colleague, manager, or interested party. When the email and the files attached to it are opened, the criminal gains access to the victim’s sensitive information.

How to Protect Yourself & Your Organisation

Protecting yourself and your organisation against potential cybercrime is essential. Below are a few tips:

  • Put a cybersecurity policy in place that determines how members of the organisation are expected to behave electronically/digitally.
  • Educate all the various teams in your business to ensure that everyone is aware of the risks.
  • Use repetition to continually remind staff and team members of possible risks. You can put up warning posters, send out warning emails, and include it in the weekly agenda at staff meetings.
  • Ensure that you do regular encrypted data backups to a remote server; chat to a consultant at Soteria Cloud about this, at your convenience.
  • Don’t allow personal devices to store sensitive company information.
  • Ensure that you have anti-virus, anti-malware and a firewall installed on all computer systems.

Cyber-crime is no longer something that just affects the rest of the world. It is a problem that is very real in South Africa too. Protect your business, assets, research, and sensitive data with meticulous care.