With more than two million cases globally, the coronavirus pandemic has undeniably created a massive disruption and continues to pose a real-life threat to humans from around the world.
But has this invisible risk crossed the physical world and reached the online domain? Findings from the researchers of global cybersecurity company Kaspersky suggest so.
“Is the pandemic only a physical threat to us or has the virus become a threat in cyber domain too? Any big trend or any big event on the physical world will always have a reflection on the cyber domain,” confirmed Vitaly Kamluk, director for Global Research and Analysis Team (GReAT) Asia Pacific at Kaspersky.
In an online webinar dedicated to media from the Asia Pacific (APAC), Kamluk noted how COVID-19 has disturbed the normal IT ecosystem of organizations in the region and in the global stage as well.
The different forms of quarantine measures resulted in more staff bringing work computers to arguably unprotected home networks. This trend of working from home widens the surface of attack cybercriminals can exploit. It also turned the usual consumer protection to an enterprise concern as an increased number of employees access their companies’ assets and networks through their vulnerable personal devices.
It is also understandable that companies have to proactively cut budgets, choose cheaper cybersecurity solutions, and have lost the ability to do incident response on location in case of a cyberattack.
Social engineering attacks have also become easier during the global chaos as more people fall for simple tricks, and cybercriminals are well aware of it. In fact, Kaspersky researchers have detected a seven-year-old malware in Vietnam and in some countries in APAC resurrected through its automated behaviour and made relatable just by adding “hot phrases” related with the current coronavirus situation.
After spotting the self-propagating malware in the wild, Kamluk noted that it automatically adapts to COVID-19 pandemic as a computer parasite piggybacking on the coronavirus being a hot topic and used as a “carrier” for the cyber counterpart.
“Using the names and popular terms related with the current pandemic simply elevated the probability of these worm to be opened by another user after it was copied to a network share, or a USB drive,” he added.
Below are the names of the detected malware files:
· BC rut kinh Nghiem COVID.exe
· Tuyen truyen dich COVID 19.exe
· 2KH CXUNG KICH COVID.exe
· KE HOACH COVID GIAI DOAN 2.2020. chuan.exe
Automatic translation from Vietnamese:
· BC learned from experience COVID.exe
· Propagating translation COVID 19.exe
· COVID PLAN GIAI DOAN 2.2020. standard.exe
Threat Dynamics: Peaks and lows suggest cybercriminals are also humans
In terms of web threats, Kaspersky has also monitored a steady increase of internet-borne malware from last week of January to mid-March. Interestingly, there was a consistent decline from then on until the first week of April.
Analysis from Kamluk suggests that this period was when the European Union and other countries started implementing social distancing, strict quarantine, and stay-at-home measures.
“The government measures affect the cybercrooks, as well, because they are humans, too. They have to stay at home. I am not sure if they go to office but they also have to take care of their everyday living, like restock their food supplies, running around looking for popular demands such as toilet paper. These did affect their business for sure as we see the number of blocked threats went down.”
Another factor which resulted in the d companies closing down at first. Operations were halted due to absence of remote working tools and policies.
When it comes to COVID-19-related threats between the periods of February to the first week of April, Kaspersky has observed four malware campaigns where cybercriminals were distributing infected URLs and files massively.
Likewise, there are drops during the weekends. This is because people working from home also follow their regular office hours or business schedules, keeping their laptops and work emails untouched during Saturdays and Sundays. In turn, this results in lower online activity and fewer email exchanges.
In terms of email scams, Kamluk showed a couple of examples which prove how cybercriminals are unethically riding on the pandemic. He also noted that cybercriminals keep on exploring other means to infect users, such as avoiding the usual .zip and .rar files which are usually blocked by security solutions.
The top topics being used to scam people are:
· Government orders
· Money reimbursements coming from government or employer
· Promise of the vaccine
· Offerings for home test-kits
· Impersonation of medical institutions and staff
· Charity and donations
· Virus infection tracking apps for mobile
· Investment and stock offerings
· Medical supplies in high demand – such as face masks and sanitizers
· Government financial support initiatives
Hope in the time of coronavirus
While cybercriminals will continue to use the pandemic for their financial gain and personal interest, Kamluk has also shared how cybersecurity professionals are uniting to stop the online crooks on their tracks.
He shared about the COVID-19 CTI League which is a non-profit, voluntary focus group made up of more than 150 different individuals and organizations across the globe which try to take down fake websites, detect coronavirus-related malware, as well as offer incident response in case of an attack. Kaspersky is part of this group, alongside other researchers and individuals from the government, academia, and private organizations.
The challenge in terms of responding in case of an attack can also be assisted by Bitscout. It is an open-source and free tool developed by Kamluk himself for all people interested in digital forensics and cyber investigations. It aims to help organizations especially law enforcement agencies to conduct incident response and analysis without traveling.
