Cyber trigger: Fraudsters leverage remote working, COVID-19 to give sleepless nights

With yet another data breach incident putting thousands or millions of user data at risk, cyber fraud is indeed giving sleepless nights to individuals and organizations.

Yet another data breach incident has occurred with BabyChakra, one of India’s biggest online pregnancy and parenting platforms, according to vpnMentor. 5.5 million files are at stake, with the potential impact of fraud, phishing, malware, and possibly child endangerment.

Read more: A look at the data breaches that rocked India in 2021 on World Password Day

Such incidents are increasing manifold owing to the sudden shift of services to online platforms. Especially in India, digitization has entered some industries almost overnight, with organizations hardly getting time to understand the security nuances of such a move.

Even IT, in the last few years, has seen rapid changes, from the advent of the cloud to an increase in disruptive technology adoption by enterprises.

If cybercrime were a country, it would be the world’s third-largest economy after the US and China

As cyber threats evolve, becoming more frequent, stealthy, and lethal, the significance of cybersecurity drives home like never before. In the current pandemic times, cyber security issues have risen four-fold. According to data from Comparitech, global cybercrime is expected to wreak costs adding up to US$6 trillion in 2021. If cybercrime were a country, it would be the world’s third-largest economy after the US and China.

What kind of cyber fraud threats are we seeing most right now? And how are they caused? The Tech Panda asked a few experts and analyzed.

Mobile Phishing

Our smart mobile phones may be the source of multiple tasks today, but at the same time, they are also a gateway through which cyber criminals are flourishing. There has been an 845% spike in cyberattacks on mobile devices alone between October 2020 and March 2021, according to Check Point Software Technologies’ Mobile Security Report 2021.

Verizon, the American wireless network giant, lists a number of mobile scams to beware of, which include cloning, fake apps, phone insurance scams, and robocalls.

“Since mobile screen sizes have a limited display as compared to other devices, and many-a-times promotional messages have quick links and action-oriented buttons, the possibility of getting hacked while using our mobile phones increases. And since we are always online and connected via different WiFi networks around us, which may or may not always be 100% secure, WiFi interference is also one concern that could lead to data leakages,” Govindraj Basatwar, Head of Global Business for INKA Entworks, told The Tech Panda.

The age-old practice of fooling unsuspecting users with ´attractive offers´ or suspicious links is definitely going to have a gala time this year too

He adds that mobile ad frauds are particularly important since losses are pegged to reach US$100 billion per year by 2023.

“Madware, which basically stands for mobile adware, can easily collect a user’s data from the background while the user interacts with an app in the front end,” he says.

Suspect No. 1: Remote Working

In the current context, with remote work on the rise, malicious actors find it easy to hack remote devices by means of attacks of various natures. Of these, phishing attacks are often the most common, Sandip Kumar Panda, Co-founder and CEO at InstaSafe, told The Tech Panda.

A lack of basic cyber hygiene on the part of employees contributes to a massive increase in such attacks

“A lack of basic cyber hygiene on the part of employees contributes to a massive increase in such attacks,” Panda says.

On the enterprise front, ransomware attacks have seen a two-fold increase in the last year, with companies gaining access to critical resources by exploiting VPN vulnerabilities and threatening to expose them if they are not paid a certain ransom.

“By nature, these attacks are extremely dangerous and have the potential to destroy the financial standing and brand standing of companies in a jiffy,” he adds.

Phishing attacks occur when attackers impersonate popular pages or innocuous looking links to gain control of devices and exploit data. Especially in the current remote-working environment, phishing attacks have gone up almost six fold. Work From Home (WFH), it seems, is the culprit.

“As a large workforce have moved to WFH, and as homes are not as secured as office spaces, hackers are using this opportunity to the fullest. The biggest threats are social engineering, ransomware attacks, and cloud computing vulnerabilities,” Raj N, a Serial Entrepreneur, Angel Investor, and Founder of fintech firms Zaggle and ZIK ZUK, told The Tech Panda.

Leveraging the Pandemic

The pandemic has made every angle of business vulnerable. Undoubtedly, cyber attackers are clever enough to use the current situation. For example, an email that looks like it has come from a government website, talking about the do’s and don’ts of COVID-19, complete with a link to get authentic oxygen cylinders, ventilators, or medication, can be a potent bait right now.

People who are already under stress would be less careful in these times and are likely to fall victim to such phishing emails. But the common theme is going to be utilizing the current pandemic to its fullest

“People who are already under stress would be less careful in these times and are likely to fall victim to such phishing emails. But the common theme is going to be utilizing the current pandemic to its fullest,” says Raj N.

In fact, he adds that while cybercrimes have hit multiple sectors, healthcare and financial sectors have been the most hit.

“Healthcare data is extremely critical and confidential, and in the light of a failing and overburdened health infrastructure during the pandemic, the focus on security of customer data has been lax to say the least. Similarly, financial institutions, despite their claims of top-notch security, have been the slowest in adopting security models like the Zero Trust Model, and have relied on obsolete security tech for their protection,” he says.

What Will ´Fool´ Us in 2021?

2021 has already lined up data breaches in sectors like fintech (Mobikwik, Juspay), healthcare (COVID-19 test results), social media (Facebook), etc. This track record only predicts more doom in the months ahead.

Basatwar predicts that email will win hands down as the most used means of cybercrime. Miscreants seeking two-factor authentication codes is another area to beware of.

2021 has already lined up data breaches in sectors like fintech (Mobikwik, Juspay), healthcare (COVID-19 test results), social media (Facebook), etc. This track record only predicts more doom in the months ahead

“The age-old practice of fooling unsuspecting users with ´attractive offers´ or suspicious links is definitely going to have a gala time this year too. Email will definitely be the number one channel for cybercrimes. We also hear a lot of cases where hackers sometimes trick users to share their two-factor authentication codes,” he says.

He adds that poor password practices would also require special attention in 2021, since many are mixing personal and professional work because of the rise in BYOD culture.

“Some personal work does spill over during office hours or vice versa. So, people have to be mindful of how they treat passwords, untrusted emails, and outside communication,” he advises.

Red Alert Ahead

Data from Comparitech suggests that the number of devices connected with the Internet is projected to spike to 35 billion in 2021 from 31 billion in 2020. This number is expected to go up to 75 billion in 2025. After all, we never give way to thoughts of cyber security when logging ourselves online on a new device.

Read more: Are upskilling and reskilling the answer to India´s dire need for cybersecurity professionals?

With the Babychakra incident coming to light, we can never know where the next attack is going to occur. Also, we cannot take these attacks lightly. US$150 is the average cost of each record that is compromised, US$ 3.92 million the average cost of a single data breach.

The numbers say it´s worth being on the alert.