There has been an increase in cyber attacks on personal computer networks, mobile phones, VPNs and routers since employees were asked to work from home in the wake of the coronavirus outbreak in India.

Industry sources say that over the last 1-2 months, there has been at least a 40-50 per cent rise in devices across enterprise ecosystems, and at least five new threats have emerged during this period, targeting computers and mobile phones.

CERT-In or the Computer Emergency Response Team of India — the country’s nodal agency to combat cyber attacks — has been quick to raise the red flag. VPNs, now paramount to a company’s backbone, are also under threat.

In fact, a concern that some cyber security guys raise is that law enforcement agencies are diverting their attention to issues like enforcing a lockdown and other activities such as controlling rumour mongering.

“The law enforcement authorities are also not really bothered about cyber security as they are more engaged in ensuring physical safety and security of its citizens. So we are in a state of vulnerability. And a hacker needs just one (such) vulnerability,” said Trishneet Arora, Founder and CEO, TAC Security.

End point security

Experts say that personal devices continue to be less secure.

“Personal devices have previously been used for corporate access. (But, now), we are witnessing about 30-40 per cent new ones entering the ecosystem. Less secure devices have expanded the threat surface available for cyber criminals,” Murtaza Bhatia, Head-Vertical Solutions, NTT India Pvt Ltd, told BusinessLine.

McAfee’s Venkat Krishnapur, V-P, Engineering and India MD, maintains that personal devices generally do not have proper endpoint security solutions. The most common ways breaches occur include phishing, passwords, people, patching and privileges.

“Malicious actors also leverage spear-phishing, targeting select employees to gain access to critical data like staff credentials, intellectual property, customer data, and more,” he added.

New threats

SonicWall, a cyber security firm, says that there were at least five cyber attacks since February.

In February, an executable file named CoronaVirus_Safety_Measures.exe was being delivered to the victim’s machine as an email attachment. This was a malicious file.

Next came a coronavirus scare tactic, which was used across a particular mobile ecosystem in the form of a Remote Access Trojan (RAT) and an application that goes by the name of ‘coronavirus’. After installation and execution, this sample requested the victim to re-enter the pin/pattern on the device and stole it, while repeatedly requesting the ‘accessibility service’ capability.

The third was when malware took advantage of Covid-19 fears (also called scareware in IT language) and claimed ransom.

Then came a phase where cyber-attackers were creating websites that spread misinformation about coronavirus, falsely claiming ways to “get rid of” it. These sites attracted new victims via downloads.

Later in March, researchers found that malware authors have taken advantage of the public’s desire for information on the Covid-19 pandemic. The malware Azorult.Rk masqueraded as an application providing diagnosis support, even including a screenshot of a popular interactive tool that maps ‘Covid-19 cases and exposure’. It included 12 different layers of static and dynamic information, making it difficult for threat analysts to quickly investigate.

Forcepoint, another cyber security company, agrees that malware and phishing attacks are on the rise. It maintains that employees who might be setting up apps can fall victim to sophisticated phishing attempts that look remarkably like the set-up processes they’re trying to work through.

Security spends

Surendra Singh, Senior Director & Country Manager, Forcepoint, maintains that IT departments need to understand security of the workarounds that employees use, which include using personal cloud storage solutions to store work-related files (if they don’t have access to corporate editions), or emailing work-related files via personal free email accounts to circumvent file size limitations.

“Understanding how data loss prevention solutions and cloud access security broker solutions could help businesses secure their new, expanded or distributed hybrid IT system,” he said.

Incidentally, Gartner predicts that the enterprise information security spending in India is estimated to rise to $2.1 billion by 2020. Currently, security services are fragmented into various aspects such as endpoint security, application security, data security and security operations. Considering the increase in demand (due to influx of endpoints and remote security requirements), an increase in investment of about 5-10 per cent for augmentation of current services can be expected.

Diwakar Dayal, MD at Tenable India, said that it was worth investing in solutions that can check the security posture of all devices, regardless of their ownership, that connect to a corporate network. Once the crisis passes, companies can also revoke such remote access.

For companies, enabling work from home is the priority at the moment and not much thought has gone into cyber security, say sources.