Taking advantage of the pandemic

Aqilah Rahman

A simple click of a mouse can put a user’s data at risk, making cybersecurity a serious issue for individuals and businesses around the world.

In 2020, a large number of cyberattackers took advantage of the pandemic, using the subject of COVID-19 for data theft, financial fraud and other illegal activities, according to a report published by cybersecurity company Proofpoint recently.

The report, ‘The Human Factor 2021’, highlighted the prevalence of cybercrime over the past year, based on the data collected by Proofpoint deployments around the globe. It also highlights attack techniques that people are most likely to fall for, and what can be done to protect ourselves from cyberattacks.

EFFECTIVE ATTACK METHODS

According to the report, users are most vulnerable to steganography and the captcha method.

Steganography uses malicious code hidden in various types of files such as images and audio. The code is activated once the file is on the victim’s machine. Steganography has the highest success rate of any attack technique, receiving a click from three out of eight users.

Meanwhile, the captcha method uses visual puzzles to distinguish bots from actual people. The overall response rate is five per cent, which is still a significant figure although it is lower than the steganography success rate. In most email marketing campaigns, this would’ve been a “resounding success”.

The captcha method is usually used as an antifraud measure, preventing bots from accessing a website. But attackers use it “to ensure that their malware is on the system of a real user” instead of a “security sandbox that could observe its malicious activity”.

In 2020, attacks that used the captcha method received 50 more clicks compared to the year before.

TYPES OF ATTACKS

Credential phishing is the most common type of attack against individuals and businesses. Most of the email threats in 2020 were phishing attempts to steal user data.

Phishing email templates fall into three main categories: link-based (users are directed to malware or a harmful website by clicking a link), data entry-based (users are directed to a fake login page to steal their credentials and personal data), and attachment-based (an email with a malicious file attached).

According to a simulated phishing exercise conducted by Proofpoint, a large number of users clicked on attachment-based emails (20 per cent), compared to link-based emails (12 per cent) and data entry-based emails (four per cent).

A large number of attackers used the subject of COVID-19 to bait users at the beginning of the pandemic. By mid-March 2020, about 80 per cent of threats scanned daily by Proofpoint were related to COVID-19.

One example in the report is an email sent by an attacker posing as a member of the World Health Organization (WHO), using its logo and a similar email domain. The email had a malicious file attached, which the attacker claimed contained safety measures.

Business email compromise (BEC) is a technique where an attacker poses as a colleague, executive or vendor. The attacker may instruct the victim to make a payment or send confidential data, and this often leads to heavy financial losses. About USD1.8 billion was lost in 2020 due to BEC schemes, according to the 2020 Internet Crime Report.

Thread hijacking is another technique that relies on impersonation to trick users. In this method, an attacker takes control over someone’s email account and replies to email threads while concealing their true identity. This method can be highly effective if the recipient knows and trusts the sender.

In 2020, thread hijacking attacks increased by 18 per cent compared to the year before.

OTHER TECHNIQUES

In 2020, almost 25 per cent of attack campaigns used compressed executable files to hide their malware. This method involves a malicious attachment disguised as a regular file such as PowerPoint slides or an Excel spreadsheet. The malware is activated only when the victim opens the file, making it an effective way to evade automated malware detection.

A banking Trojan is a type of malware used to steal banking credentials. Victims are usually directed to a fake website of an actual bank or are prompted to fill in a fake login form on the actual website.

An increasing number of attackers are using banking Trojans to carry out ransomware attacks, locking the user data and demanding a payment in exchange for the data.

RECOMMENDATIONS

The report recommends a people-centric defence focussing on three areas: vulnerability, attacks and privilege. Under vulnerability, users should be trained to spot and report malicious emails. Assume users will eventually click some threats, and isolate risky websites and URLs.

Under attacks, users are recommended to build a robust email fraud defence. Ransomware attacks can be prevented by suppressing the initial Trojan infection. Cloud accounts should be protected from takeover and malicious apps, and companies are recommended to partner up with threat intelligence vendors.

High-privilege users are those who have access to confidential information and therefore may be targeted by cyberattackers. The report recommends deploying an insider threat management system, responding quickly to potential privilege abuse and enforcing security policies.