(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)
Cybercriminals are shifting their targets from individuals and small firms to large companies, government agencies and critical infrastructure to cause greater damage and get more financial gain, according to a report by the international police agency.
Interpol said that the shift in cyberthreat landscape, compounded by the pandemic, is putting additional strain on law enforcement agencies globally as attacks are rising at an “alarming pace.”
Interpol’s Cybercrime report is based on a survey of four dozen countries across Asia, Europe and the US.
The report highlights phishing campaigns as the most used method to target companies and individuals as two-thirds of member countries who responded to the survey reported a significant use of COVID-19 themes for phishing and online fraud since the outbreak began in January.
In the first four months of this year alone, 907,000 spam messages, 737 malware incidents and 48,000 malicious URLs, all related to COVID-19, were detected by Trend Micro, a cyber security firm.
The report highlights phishing campaigns as the most used method to target companies and individuals. Source: Interpol
Within Asia and South Pacific region, coronavirus-related fraud and phishing attempts have been on the rise. This region also saw illegal online sale of fake medical supplies, drugs and personal protective equipment.
Fake news and spread of disinformation were another major threat contributor in Asia.
Cybercriminals exploited security vulnerabilities in teleconferencing tools that people used extensively while they sheltered at home during the pandemic.
The Global Cybercrime Survey also highlighted the use of data harvesting malware with COVID-19 related information as a lure. Threat actors deceived people to execute malware, such as remote access Trojans, info stealers, spyware and banking Trojans to compromise networks, harvest data, divert money and build botnets.
“Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19,” Jürgen Stock, Interpol’s Secretary General said.
Evolving attacks for large firms
On the shift from small companies and individuals, Interpol’s report says, disruptive malware campaigns have moved to “government agencies and the healthcare sector, where higher financial demands can be made.”
Several countries have also reported a rise in attack against critical infrastructure of government organizations, hospitals and medical facilities, which are already overwhelmed with the health crisis.
Ransomware and Denial of Service (DoS) attack in these areas worsen the dire situation, the report said.
According to an analysis by Interpol’s fusion centre, a partnership between private investigators and law enforcement agencies, ransomware attacks by relatively dormant threat groups were on the rise in the first two weeks of April 2020.
This means that several organisations’ systems could already have been infected with the malware, but it may not have been activated by attackers yet.
Threat actors may be using this dormant time to thoroughly understand targeted organisations’ networks and systems to attack spots that offer most bounty, according to analysis by law enforcement agencies that worked with Interpol.
“When the ransomware is deployed on strategic locations in the network which maximizes disruption of the business process, organizations are often coerced into paying the ransom,” Interpol’s report said.
Interpol has listed CERBER, NetWalker and Ryuk as the top three ransomware families.
According to McAfee’s advanced threat research team, NetWalker “evolved to a more stable and robust” ransomware-as-a-service model, and the “malware operators are targeting and attracting a broader range of technically advanced and enterprising criminal affiliates.”
NetWalker alone has extorted $25 million in just five months since March 1, McAfee said.
The three ransomware families are evolving to increase potential damage of a single attack and to make financial profit, Interpol’s Cybercrime report said.
The agency sees the trend in cyberattack to grow as more organisations are asking their employees to work from home. Also, vulnerabilities in the home and enterprise systems will enable threat actors to ramp up their activities more advanced methods.
Business Email Compromise schemes will also likely surge due to the economic downturn and shift in the business landscape, generating new opportunities for criminal activities.
Published - August 11, 2020 12:54 pm IST
