The media is full of reports of heartless cyber criminals taking advantage of the attention paid to COVID-19 to lure victims into opening attachments on malicious emails. Crimes that use digital means to lure citizens and divert legitimate remittances of relief funds meant for the Indian Prime Minister Relief Fund bank account were also reported within just 3 to 4 days of the channel being opened.
Lt Gen Pant, National Cyber Security Coordinator (NCSC), Prime Minister’s Office, reported that fake UPI IDs were circulated on social media to seek funds under the PM-CARES fund.
According to Delhi Police, the fake UPI ID was highlighted by Twitter user @bishwesh0604. Anyesh Roy, DCP (cybercrime), said in a tweet that the fake UPI ID pmcare@sbi was created to confuse users, as it is very similar to the correct UPI ID pmcares@sbi.
State Bank of India (SBI), in which the legitimate account has been opened, had also confirmed that such malicious activities were being initiated by perpetrators. The NCSC is also reported to have briefed the Bank about the same. The Bank has also taken proactive measures to block the fake IDs that were created in SBI. Further, the NCSC is said to have cautioned the cybercriminals and warned of strict action if such unwarranted advantage is taken of the present coronavirus crisis.
The Centre has also invoked the Disaster Management Act 2005 by a suitable notification of the Ministry of Home Affairs (MHA), Government of India. The MHA has also come out with Eleven (11) Empowered Groups for planning and ensuring implementation of COVID-19 Response Activities under the provisions of the Disaster Management Act 2005. The challenge is that the government has included a “Technology & Data Management” sub-group, but “Cyber Security and Incident Response” is a unique domain that needed to be addressed, and a separate Sub-Group should have been earmarked for it.
Cyber Secure India has been watching the challenges that countries have been encountering in the “Cyber Security and Incident Response” domain. Cyber Secure India has also drawn precedents and case studies from the countries that have treated “Cyber Security and Incident Response” as a serious matter while handling the COVID-19 outbreak and its influence on these countries:
COVID-19 Themed Domain Names Registered since Dec 2019
Since the news of the outbreak, and as the pandemic has spread to many developed countries and the world over, thousands of domains have been registered containing terms like “covid”, “virus” and “corona”. Even financial institutions have not been spared: new domain name registrations also include names faking those of banks. Not all of these will be malicious, but all of them should be treated as suspect. Whether they claim to have information, a testing kit, or a cure, the fact that the website didn’t exist until the pandemic became news should make us very skeptical of their validity. The fact that many of them have been registered by Dark-Web users is also a cause of concern. The NCSC of India has also been quoted as citing over 4000 such suspicious domains in India alone. Lt Gen Pant further said that soon after the PM-CARES fund was publicised, “half a dozen” similar-sounding websites were created, such as “PM-care” etc. At present, organisations like CERT-In and the bank staff are working round the clock to block such malicious sites.
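The two checks described above (a near-identical UPI ID such as pmcare@sbi against the correct pmcares@sbi, and themed domains that did not exist before the pandemic became news) can be sketched as a small triage script. This is an added example, not code from Cyber Secure India, CERT-In or the bank; the distance threshold, the cut-off date and the .example domain names are assumptions constructed for illustration.

```python
from datetime import date

OFFICIAL_VPAS = {"pmcares@sbi"}             # correct UPI ID named in the article
THEME_TERMS = ("covid", "virus", "corona")  # terms listed in the article
OUTBREAK_START = date(2019, 12, 1)          # assumed cut-off, from "since Dec 2019"

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalize(s):
    """Lowercase and drop separators that lookalikes tend to add or remove."""
    return "".join(ch for ch in s.lower().strip() if ch not in "-_. ")

def check_vpa(vpa, official=OFFICIAL_VPAS, max_dist=2):
    """Return 'official', 'lookalike' or 'unrelated' for a UPI ID."""
    if vpa.strip().lower() in official:
        return "official"
    cand = normalize(vpa)
    if any(edit_distance(cand, normalize(good)) <= max_dist for good in official):
        return "lookalike"
    return "unrelated"

def check_domain(name, registered, allowlist=frozenset()):
    """Flag a themed domain registered after the outbreak began."""
    name = name.lower().rstrip(".")
    if name in allowlist:
        return "allowlisted"
    themed = any(term in name for term in THEME_TERMS)
    if themed and registered >= OUTBREAK_START:
        return "suspect"
    return "themed-but-older" if themed else "not-themed"

if __name__ == "__main__":
    # Constructed sample input: placeholder .example names and made-up dates.
    for vpa in ("pmcares@sbi", "pmcare@sbi", "pm.cares@sbi", "alice@okbank"):
        print(vpa, "->", check_vpa(vpa))
    for dom, reg in (("covid-relief-help.example", date(2020, 3, 20)),
                     ("antivirus-vendor.example", date(2010, 5, 1))):
        print(dom, "->", check_domain(dom, reg))
```

A "suspect" result only means the name deserves a closer look before anyone pays or clicks; as the paragraph above notes, not every themed registration is malicious.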
Phishing/Malware Distribution using COVID-19 Themes
Hackers or attackers, taking advantage of the high amount of attention drawn by COVID-19, have resorted to luring victims into opening attachments on malicious emails and forcing them to click on phishing links. This is not a single attack or campaign, but a widespread use of virus-related themes. These attacks then deliver Remote Administration Tools (RATs) like NetWire, NanoCore, and LokiBot, as well as other malware.
The Government of India has been proactive in passing instructions against False/Fake Information Campaigns on websites and social media; but is there a Monitoring and Incident Response mechanism in place? Treatment methodologies, information on the number of patients, etc. are being circulated on social media. False dashboards on Coronavirus are also on the rise, and there is little or no monitoring and implementation mechanism in place.
“Holding your breath for ten seconds is not a test for coronavirus and gargling water for 15 seconds is not a cure – this is the kind of false advice that is seen coming from sources claiming to be medical experts,”
All this and more acts as a stumbling block to all the efforts that have been initiated by the Government to fight the outbreak of COVID-19 in India.
This being the need, there is all the more reason for the Government of the day to create a “Cyber Incident Response” group in tandem with other groups, including the health bodies. This will also assist in promoting official medical advice, rebutting false narratives and clamping down on criminals seeking to exploit public concern during this pandemic.
Perception Management and Government Governance Management
The Government, in this time of crisis, needs to coordinate and facilitate all the initiatives of the Medical Fraternity and also the Supply Chain of Food and Essentials. Attacks by adversaries on Critical Infrastructure cannot be ruled out in these testing times. These attacks by adversaries may hit the weakest link, especially when the guards are down. Perception Management, Critical Infrastructure Management and also the Security of the Nation can be threatened by cyber means.
The “Cyber Security and Incident Response” Sub-Group could have coordinated among the Government departments on the appropriate response – from direct rebuttals on social media to working with platforms to remove harmful content and making sure that public health campaigns are promoted through reliable sources.
This team could also have worked with Manufacturing Industries, Agri Produce Stakeholders, Roadways, Supply-Chain Stakeholders, LEAs, Social Media companies, etc., to allow the system to sustain itself during the lockdown, and might also have been able to stem the spread of falsehoods and rumours, which will cost the Government, especially through time and resource overruns.
Cyber Security for Work-from-Home and advisories and creation of environment for the same
The lockdown so imposed has forced many enterprises to work from home. This entails the provision of Internet access and also a security overlay for such enterprises. The nation’s Internet availability and throughput is a matter that cannot be neglected. There is also the threat that comes from working away from the actual office: the otherwise cyber-secured environment of the office is not available at home. The earmarking of a “Sub Group” or “Empowered Group” to look after Cyber Security and Business Continuity was essential, especially when these enterprises are making efforts to keep the economy of the nation afloat in this time of economic crisis.
In this time of crisis, the heartless and those in society aiming at making fast money are at their best, without fear, as they are aware that the machinery is involved in many other tasks and also in upholding the lockdown. The fact that the LEAs may think twice before reaching them, in view of the epidemic being contagious, is also proving to be an advantage for the perpetrators. Here again, the proliferation of ‘Fake Applications’ through social media and websites, taking advantage of information seekers’ inquisitiveness about COVID-19, is obvious. There have also been reports of cases in which malicious Android applications claiming to offer information about the virus have led to attacks on innocent users. There have been reported cases of Ransomware Attacks during the month of March 2020 on victims who fell into the trap while turning to the internet for information on COVID-19.
The biggest opportunity for cyber attackers in this outbreak of COVID-19 among the countries of the world has been the Human Factor: Fear, Panic, Rumour, Change in Routine, Isolation, Depression, Human Behavioural Changes, Financial Uncertainty, Financial Stress, Food Shortage, Solitude, etc. This has had very little to do with technology, and much to do with how ‘humans change their behavior and patterns in response to the crisis’. This then became the weakest link for the execution of the Cyber Attacks that have taken place during this season. We at Cyber Secure India also feel that this Human Factor will encourage many of these heartless people to continue their malicious campaigns in Cyberspace.
Lt Gen Pant, NCSC, Government of India, has also been quoted as saying, “It is so sad to see that even in the midst of such a serious humanitarian crisis, these heartless crooks can only think of opportunism and theft”.
China had tightened the noose on these issues while addressing the challenges that it faced during the containment and treatment phase of Coronavirus.
The British government has created a special unit, “Rapid Response Unit”, being run by the Cabinet Office and Number Ten to deal with all aspects of “Cyber Security and Incident Response” surrounding the coronavirus pandemic.
In general, the best practices that have been recommended in the course of our updates on this website (Cyber Secure India, www.cybersecureindia.in) are still the right way to keep you, your organisation, your network and our Nation protected from these threats.