Ever since the COVID-19 pandemic broke out, hackers have ramped up phishing and ransomware attacks at least by fivefold with some of the biggest names in technology becoming the favourite targets of cyber criminals.
Apple has proved to be a lightning rod for phishing attacks during the first quarter of 2020, according to Check Point Research, the cyber threat intelligence arm of Check Point Software Technologies.
As per its study, Apple is the most-frequently attacked brand, soaring from seventh place a year ago to number one position in March this year.
For instance, Apple was involved in 10% of all brand phishing attempts that happened globally. Over-the-top player Netflix accounted for 9%, Yahoo 6%, WhatsApp 6%, PayPal 5%, Chase 5%, Facebook 3%, Microsoft 3%, eBay 3%, and Amazon 1%.
Majority of the phishing attacks during Q1, ie. 59%, happened on web and brands such as Apple, Netflix, PayPal and eBay were the top victims.
Attacks via mobile phones accounted for 23% and most hit included Netflix, Apple, WhatApp, Chase and the likes. Some 18% of the cyber safety intrusions came via email with Yahoo, Microsoft, Outlook, Amazon being the key targets.
“Cybercriminals continue to exploit users by adopting highly-sophisticated phishing attempts via. emails, web and mobile applications purporting to be from well-recognised brands which they know will be in high demand, be it a high profile product launch or just generally tapping into behavioural changes, we’ve seen during the COVID-19 pandemic,” said Maya Horowitz, director, threat intelligence and research, products at Check Point.
Anti-virus software developer McAfee said, “The volume of threats related to COVID-19 has been significant, with lures used in all manner of attacks. Tracking these campaigns reveals the most targeted sector is healthcare, followed by finance, and then education.’’
Bad actors have been discovered spreading documents that talk about the pandemic and are weaponised with malicious macro-code to download malware to the victims’ systems. “There are several malicious apps that abused key words connected to the pandemic,’’ McAfee further said.
Vulnerability of remote working
The pandemic has pushed everyone into the confines of their homes, with companies, having their workforce Working From Home. This remote location-based system of operations results in an increased dependence on technology to maintain networking for the seamless exchange of information and work-flow data.
“India currently has over two million IT workers working from home. Hackers are on the look out for opportunities to target loopholes and gaps, taking advantage of vulnerabilities,’’ said TAC Security, a cyber security outfit.
According to Mary Jo Schrade, assistant general Counsel, regional lead, Microsoft Digital Crimes Unit Asia, organisations and employees need to follow a few best-practices because 91% of phishing attacks start with an email.
The COVID-19 outbreak has revealed a multitude of vectors, including one in particular that is somewhat out of the ordinary. In a sea of offers for face masks, a recent posting on a dark web forum revealed the sale of blood from an individual claiming to have recovered from the COVID-19.
A trick that hacking communities have up their sleeves, according to Tony Velleca, CEO, CyberProof, and CISO, UST Global, is to offer a phishing method that infects victims with the malware by sharing an online map of COVID-19-infected areas as a disguise.
