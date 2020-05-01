By | Published: 6:05 pm

Hyderabad: Over the past months, two major trends have been witnessed. Several organisations globally have shifted to remote working. At the same time, cyber attackers are leveraging the Covid-19 situation to launch phishing and social engineering attacks. Every nation has seen at least one Covid-19 themed cyberattacks.

Banking, telecom billing and e-commerce transactions are seen as the major targets for attackers. It has thus become important for organisations and individuals to keep a close eye on the security and privacy of data, experts point out.

Akhilesh Tuteja, co-leader, Global Cyber Security, KPMG International, told Telangana Today, “The most pervasive threat that we are seeing in the Covid-19 times is phishing. Though the number of phishing attacks has not increased substantially, but the number of phishing attacks that are Covid-related has gone up dramatically. These are very targeted attacks where the motive is generally money. Whenever any new situation comes up in the world, the attackers pivot their thinking on that.”

“In the case of Covid-19 pandemic, there is a double trouble to the digital economy. One is that of luring people to click a link in the pretext of providing access to information about where medicines are available, how many cases are reported in a region. The other being distribution of fake links through mails and messages asking people if they would like to donate to support the governments, NGOs or individuals to help the needy. This money is going to fraudsters,” Tuteja observed.

Another emerging issue is that of rogue app crime, where people are developing apps which do things other than what they claim to do. These fake apps track the location and Wi-Fi of the user and access Bluetooth, as people give permissions without knowing the true intent. These apps take control of one’s device and the fraudsters are able to carry out financial transactions. Also, business email compromise is another threat that is on the rise.

Mary Jo Schrade, assistant general counsel, Regional Lead, Microsoft Digital Crimes Unit Asia, says, “Attackers do not suddenly have more resources. Instead they are pivoting their existing infrastructure for the distribution of ransomware, phishing emails, and other malware, leveraging Covid-19 keywords that get us to click on links or open emails.”

Given that cybercriminals are looking for ways to exploit vulnerabilities and leverage the weakest links, protecting usernames and passwords and requiring users to provide a second form of verification to prove their identity can help organisations to strengthen their security perimeter, she noted.

Tuteja added, in the pre-Covid-19 scenario, employees of an organisation were operating within a trusted security perimeter, with office firewall and several other controls. But because of the shift to remote working now, perimeter controls have become low. Vulnerability levels are high as people are using their personal devices for office use.

