Info-tech

Malicious actors are leveraging the pandemic to gain entry into corporate systems: McAfee

KV Kurmanath Hyderabad | Updated on July 29, 2020 Published on July 29, 2020

As per McAfee’s latest findings, India ranked fourth in the top 10 source IP geo-locations for external attacks on cloud accounts from January-April 2020, only behind Thailand, USA and China   -  istock/xijian

‘Flatten organisational attack surface through cyber security hygiene’

Cyber-criminals see opportunity in every crisis. More so, when it comes to the Covid-19 pandemic. As organisations, businesses and institutions rush to put in place IT solutions to be able to keep in touch with their employees and customers, cyber-criminals see this a great opportunity.

“Malicious actors are leveraging the pandemic as an entry mechanism into corporate systems across the globe and India is no different. The convergence of home, school and office has made home a fertile ground for attacks,” Venkat Krishnapur, Vice-President of Engineering and Managing Director of McAfee India, has said.

As per McAfee’s latest findings, India ranked fourth in the top 10 source IP geo-locations for external attacks on cloud accounts from January-April 2020, only behind Thailand, USA and China. Cyber-criminals are actively exploiting the situation with Covid-19-themed ransomware, scam URLs and spam designed to lure remote workers into clicking unverified links or into opening insecure attachments.

“We observed the emergence of phishing campaigns that use pandemic-themed messaging to deliver malware and trojans, as the workforce learns to adapt to a remote working culture,” he said.

“We also detected a banking trojan, Ursnif, that steals banking credentials by collecting activities of victims through keystroke recording and by tracking network, browser activity,” he pointed out.

Ransomware-as-a-Service attacks continued to train their sights on municipal, healthcare, financial and corporate targets.

Mobile threats ranging from ransomware samples to spy agents arising from Android applications, and abusing keywords connected to the pandemic were also on the rise.

“Using spear-phishing techniques, cyber-criminals are targeting select employees to gain access to critical information like staff credentials, customer data, intellectual property, and more,” he said.

Weaknesses

Bad actors exploit human-machine weaknesses. “Just like we are fighting to flatten the Covid-19 curve by social isolation and washing our hands, we should aim to flatten our organisational attack surface by ensuring cyber-security hygiene. We should use multi-factor authentication, strong and complex passwords, VPNs (virtual private networks), and robust endpoint and cloud security software.

“However, the bottomline still remains staying vigilant and using common sense in the online world,” Venkat Krishnapur said.

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on July 29, 2020
  1. Comments will be moderated by The Hindu Business Line editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.