- COVID-19-themed phishing emails targeted manufacturing, finance, transportation, pharmaceutical and cosmetic industries.
- Attacks on banking, defence and manufacturing sectors were also notably at large. As per PwC study, many Indian organizations saw a 100% increase in attacks between 17 and 20 February 2020.
- Also, there was a 66% increase in detections by endpoint security systems in March 2020 and a 100% increase in brute force attacks in March 2020 on internet exposed systems,
- The data breaches cost organizations in India roughly between $100 million to $200 million per year. While in 2019, the average cost of data breaches in India stood at $119 million, as per a PwC report.
- The State Bank of India (SBI), India’s largest lender, has issued a warning for its users to beware of an imminent phishing attack (cyber attack).
- The Indian Computer Emergency Response Team (CERT-In) on Sunday had warned that in a major phishing attack, millions of Indians could be targeted by fake emails, social media posts or texts messages, which promises free Covid-19 testing across India.
- A large-scale cyber attack has been planned by cyber crooks where they may use Covid-19 as bait to steal personal and financial information. Cyber attack conducted by “malicious actors”, will be done in the guise of a Covid-19 related with subject like ‘Free COVID-19 Testing’ via emails from ‘ncov2019@gov.in’.
Attention
- SBI has stated that it has come to their notice that a cyber attack is going to take place in major cities of India and has requested its customers to avoid clicking on emails coming from ncov2019@gov.in with a subject line Free COVID-19 Testing.
- The CERT-In warning advisory added that there would be a phishing email subject line like free Covid-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad.
- In an advisory, Cert-IN said, citing a report from independent researchers who said the attack is being planned by North Korea-based cyber criminals. It stated, “Phishing campaign is expected to impersonate government agencies, departments and trade associations who have been tasked to oversee the disbursement of the government fiscal aid.”
- “The malicious group claims to have 2 million individual email addresses and the attack campaign is expected to start on June 21,” the Indian government stated. “Beware of email addresses, spelling errors in emails, websites and unfamiliar email senders,” stated the advisory, warning every citizen not to submit personal financial details on unfamiliar or unknown websites or links.
- “Beware of emails, links providing special offers like Covid-19 testing, aid, winning prize, rewards, cashback offers,” the government advisory stated.
According to cyber intelligence firms, there’s been an increased chatter on dark web forums in Mandarin demanding that “India be taught a lesson”. In times of strife, Pakistani hackers too target Indian sites.
KEY HIGHLIGHTS
- Cyber criminals send phishing emails in the form of an important Covid-19 update or under the garb of false cure
- As per a recent PwC report, at least a half dozen fake versions of the ‘PM CARES’ site have emerged to target Indians
- Phishing forms 57% of all attacks, followed by malware attacks at 41%, spear-phishing at 30%, DoS at 20% and ransomware at 19%
No Comments