In the face of the coronavirus pandemic, cybercriminal activity continues to be an extremely significant threat to the organisations and the public. Cybercriminals are exploiting public fears surrounding the pandemic and the number of attacks that lead to financial losses are increasing fast. In the beginning of April, Gmail reported that they have been blocking over 18 million malware and phishing emails related to COVID-19 daily. Fraud prevention strategies and authentication policies need to adapt and improve to cope with the increasingly complex hacking vectors adopted by fraudsters as well as the new rules and regulations that are coming in place. In this week’s blog post, we analysed 3 examples of Malware and Cyber Attacks during COVID-19.
What is Malware?
Malware is a malicious software that hackers use to gain access or cause damage to a computer or network without the owner’s knowledge. Different types of malwares include spyware, viruses, ransomware and Trojan horses. The common denominator of the different malwares is that only one successful attempt is sufficient to shut down systems and provide hackers with access to sensitive information. It is imperative for organisations to learn about malware attacks to protect against financial consequences when the inevitable data breach strikes.
Attacks on Banks and Financial Institutions
According to news on ZDnet, the coronavirus pandemic has been tied to the 238% increase in cyber attacks targeted at banks. One example of these attacks is on Indian Cooperative Banks. These attacks if successful can take over the victims device and steal sensitive data such as customer details and SWIFT codes. They use a JAR-based malware, which is a Remote Access Trojan passed on through spam emails. Once downloaded, the attacker can take control of the victims device by sending commands through a remote machine. Upon the successful entry, hackers can log keystrokes, take screenshots, download payloads as well as extract sensitive information. These attacks start with an initial infection and then spread laterally to the rest of the network giving the hacker access to confidential information.
“With many countries now implementing open banking API and the number of devices able to access customer information, security of banking information is increasingly important,” said Lwanga Nyambare, Senior Fraud and Risk Analyst at Cybertonica. He added “From a detection standpoint, it is vital for anti-fraud companies to be at the forefront of technology. Using tools such as machine learning and artificial intelligence is important to keep ahead of every changing aspect of the fraud landscape where fraudsters are always looking to be one step ahead.”
Attacks on Video Conferencing Industry
According to the National Cyber Security Centre (NCSS), hackers have been reported to be registering domain names very close to those of trusted entities and organisations such as Zoom, Google Meet and Microsoft Teams. These fraudulent domains and URLs have been shown to contain only minor differences that can easily be overlooked by users, and are being posed as the official site of a trusted organisation with the intention of tricking users to download files which contain malware that provides hackers with access to the users’ personal information.
For instance, on the popular video conferencing platform Zoom, hackers have been reported to infiltrate and disrupt meetings, referred to as “Zoom-bombing incidents”. In addition, last month Forbes reported that over 200 million Zoom users could be at great risk of ransomware attacks and threats due to a subset of malware that gives hackers access to all information on the victims computer. Recently, Business Insider reported that hackers have gained access to 500,000 Zoom users’ credentials which are currently up for purchase on the dark web. This issue is tied to a flaw that was identified on Zoom where hackers are able to record meetings and view chats without the knowledge of the participants. As with all malware, this is particularly complex to detect due to the victims being unaware of their stolen credentials.
“Users often ignore timely updates or install software like browser extensions or apps from untrusted sources and thus make the hackers’ tasks easier,” said Cybertonica CTO and Co-Founder Sergey Velts. He added: “Even if the user is aware of cyber risks and follows all recommendations, fraudsters can exploit zero-day vulnerabilities using malware. For that reason, companies should adopt an additional line of defence for their systems such as behavioural authentication that can easily identify illegitimate users as their behaviour cannot be imitated precisely by the malware.”
Attacks on Healthcare Industry
Healthcare industry has become a critical target of malware and ransomware attacks during the pandemic. Although only 27% of the attacks were targeted at hospitals between January and the beginning of May, these attacks have had severe consequences for the patients and healthcare professionals. Despite the warnings issued by Interpol and other governmental bodies around the world regarding ransomware attacks on healthcare organisations, the security measures were not able to be replaced due to the circumstance and outdated servers as well as lack of internal security protocols continued to be the major points of entry for hackers.
For instance, Hollywood Presbyterian Hospital in California was recently a victim of a malware attack that led to delayed patient care and the systems to temporarily shut. The hospital lost access to their files and their internal network and had to pay US$ 17,000 in Bitcoin to regain access to bring the systems back up. Similarly in Czech Republic, Brno University Hospital was hit by a malware attack which also led them to systems to shut down cancelling all of the operations that required the relocation of the critical patients to other hospitals.
“Ransomware campaigns are shifting focus from individuals to organisations, critical infrastructures like hospitals are the perfect targets for this kind of extortion because they provide crucial care and rely on up-to-date information and connectivity to data,” saidMark Gaffney, Head of Innovation at Cybertonica. He added: “Rogue actors know if you have patients, you are going to panic quicker than if you are selling or running any other type of business and this has fuelled attacks in recent months mainly due to the work and payoff balance for hackers to be huge… We need to focus on security solutions that cannot be so easily bypassed; biometrics, behavioural analytics, machine learning and artificial intelligence are the future of technology and need to be enforced as key elements of digital security for all organisations.”
It is displayed time and time again that fraudsters will try and find new vectors to pose great threat towards both private and public organisations. This reaffirms the need for corporations and individuals to invest in fraud prevention and cyber security products and continuously educate themselves to contribute to the preventing of exploitation of entities.
Visit our website to learn more about how Cybertonica can protect your business and your customers from hackers and fraudsters during COVID-19.
Cybertonica is an award-winning platform for the management of risk, AML, compliance and fraud detection. Through continuous authentication, friction is eliminated for legitimate users and payment agents while automation delivers huge efficiencies in managing fraud prevention. Cybertonica means no compromises on inclusion, risk, privacy or security.
Cybertonica has won numerous distinctions and awards since its product came to market, including the “Best Use of Payments Data Award” at Emerging Payments Awards 2018 and the “Best Data Analytics and Science Award” at Merchant Payments Ecosystem Awards 2018. Visit cybertonica.com to join us and build the future of Trust in Transaction™.