Carelessly forwarding WhatsApp “pandemic information”, leaking embargoed government press releases—are well-intentioned people inadvertently helping cybercriminals? What should we really do?

It is clear from recent reports that cybercriminals are exploiting the current pandemic for financial and strategic gain.

The number of registered domains with keywords ‘corona’ and ‘covid’ has surged to a whopping 38,000+ in March 2020 alone, up from only 190 in the year 2019.

Researchers of the deep and dark web markets are seeing an influx of different COVID-19 related products, scam templates and the massive spread of disinformation. Cybercriminals have wasted no time in creating a plethora of fake mobile applications claiming to provide pandemic updates.

How can people in the region ensure that they stay alert and steer clear of these malicious mobile applications? One cybersecurity expert, Etay Maor of IntSights, offered his views to CybersecAsia which may provide some useful guidance.

Maor is IntSights’ Chief Security Officer, and he has contributed to the International Institute for Counterterrorism in cybersecurity, fraud and dark web topics. He is a frequently featured speaker at major industry conferences, and major news agencies often go to him for his astute commentaries on cybersecurity trends.

CybersecAsia: Cybercriminals have wasted no time in creating a plethora of spoofed websites and fake mobile apps claiming to provide COVID-19 updates. How can netizens ensure that they stay alert and steer clear of these malicious sites and applications?

Maor: Phishing and malware attacks have been around for over two decades and will continue to target people and companies well after the current COVID-19 situation is resolved. People need to realize that cybercriminals always utilize current news to propagate their attacks and so we need to be careful with anything that looks even mildly suspicious online—if there is a doubt there is no doubt!

All the basic security hygiene recommendations should be followed—do not download files or applications whose source you do not know or trust, do not open emails or links from unknown senders (even if you recognize the sender, make sure it is really them by contacting and asking if they sent you an email). In addition, always keep your system and applications patched and up to date, use two-factor authentication when possible, use a virtual private network, etc.

While there is no silver bullet against these types of attacks you should always aim not to be the low hanging fruit for attackers.

CybersecAsia: How are cybercriminals exploiting the Dark Web to apprise each other on coronavirus-themed phishing lures that work?

Maor: The dark web is utilized by cybercriminals for communication and buying and selling of illegal goods and services. We have seen cybercriminals chat about how to design a convincing phishing attack using the COVID-19 theme as well as discussions about hoaxes and scams that they can use.

In addition, there has been an uptick in the number of discussions about vulnerabilities and exploitation of video conferencing and remote-working tools—cybercriminals are paying attention to the changing landscape and the fact that many workers are now working from home and so they seek to target the collaboration tools everyone is using today.

CybersecAsia: What can businesses do to prevent the loss of sensitive data given that threat actors are getting more sophisticated and harder to detect?

Maor: Businesses are constantly targeted by various threat actors who use different tools and techniques to gain access to their networks. The most essential component to cyber risk and cybersecurity strategy is threat intelligence.

Businesses that have the right threat intel solution—one that provides them with information which is timely, accurate and (extremely important) actionable—will be able to mitigate some of the risks before they ever even hit them. They will have a clear picture of the threat landscape, how their systems, networks, technologies, people and infrastructure may be targeted and what to do about it.

CybersecAsia: How should organizations deal with fake news, deepfakes and other misinformation on mobile applications, the web and social media?

Maor: Misinformation and disinformation campaigns are hard to spot and call out. Current technologies lag behind and so, at this stage, a lot of the mitigation of these attacks relies on people. This means people need to do more critical thinking, and that information needs to be validated using multiple trusted sources.

We are currently working on research about how different threat actors use these types of techniques and reviewing some of the ways to counter them.

CybersecAsia: Are cybercriminals employing AI to augment their attacks (now or in the near future)? If so, what measures should we take to protect ourselves?

Maor: AI is currently used by many security vendors to fight cybercrime. While some of the techniques used by attackers can be categorized as AI to some extent, we have yet to see a true AI product by attackers (other than proofs of concepts by researchers).

There is almost no doubt among researchers that AI will be used by attackers, whether it is to overcome security measures, trick users or more advanced usage of what we have seen so far: botnet control and scanning.

Useful takeaways

Amidst the COVID-19 information overload building up globally, people will hopefully stick to a good mixture of mainstream news sources and verifiable literature. Staying safe from cybercriminal activity is just one part of the holistic solution. The big picture is to help everyone around us do the same.

Here are a few guidelines for socially responsible behavior:

  • Do not readily forward so-called ‘news’, rumors, ‘insider leaks’ and informed ‘opinions’ that reach you. Some of the information sent to you may well be true, but it takes just one manipulated lie or half-truth inside to twist the message into fake news that can potentially harm certain excitable people who receive it (for example, rushing out to hoard food in a panic).
  • Conversely, always be mindful that even newsmakers and media can be fed wrong information and contrasting ‘expert’ opinions. Stay calm and monitor any information that warrants further verification or differing opinions. Research the issues widely, across a broad range of international media, to get a feel for what parts of the information are actionable, and what parts are considered questionable until further notice.
  • Strong opinions about the management of the pandemic have polarised communities globally, and this itself can exacerbate long-term harm that will persist long after the pandemic. Social media platforms now reward people’s egos through ‘likes’ and ‘shares’, thereby prompting people to take on various personas to troll or bully others who differ in viewpoints. This kind of behavior is not useful, no matter how our ego tells us differently! Time to evaluate our sensibilities in our online activities!

Staying socially responsible and cohesive makes it that much harder for social engineering and cybercrime to take root!