Cyber-attacks in India surge since lockdown

Author:- Simarpreet Saluja , BVP ,PUNE

Internet service providers ET spoke with said they receive cyberattack alerts from corporate clients almost every alternate day compared with an average of once a week before lockdown was announced as part of measure to contain the spread of Covid-19.

Cyber security attacks and breaches in the country may have jumped by as much as 500% since the lockdown was first announced in March, according to security experts. Internet service providers ET spoke with said they receive cyberattack alerts from corporate clients almost every alternate day compared with an average of once a week before lockdown was announced as part of measure to contain the spread of Covid-19.

“There could be as much as a 500% increase in cyber security incidents since March. Most of the attacks are below the radar and include attacks on small companies, money lost, phishing," said Pavan Duggal, a Supreme Court advocate and cyber law expert. Duggal said the government needs to formulate cyber security laws and create a stringent regime for intermediaries under the IT Act. According to a cyber security expert, the government has also broached the issue with third-party consultants and discussed steps needed to be taken. This becomes important given that last week, the Indian Computer Emergency Response Team (CERT-In), the government’s nodal cyber security agency, had put out an advisory against possible phishing attacks.

The first two months of the lockdown saw a sharp spike in cybercrime, with a majority of them directed at elderly people and single women. According to City Crime Records Bureau data, March and April together saw 1,308 cyber crime cases with a jump in bank fraud and scams in which people impersonating government officials trick people into transferring money for welfare schemes or a government-run relief fund.

“Cyber attackers pretending to be bank officials make calls (phishing) or send emails or SMS es (phishing) to customers, asking them for their account numbers, credit or debit card numbers, CVV, OTP etc,” a cyber crime police officer said. From January to April, police registered 2,103 cases. Figures for May have not yet been released. “Six of every 10 cases we see are related to senior citizens,” the officer said.

Although banks do warn customers against revealing account information, an expert points out another serious problem. “No one really wonders what happens before a transaction reaches the OTP stage. Where did the criminal get card and CVV numbers?” said Nagendra Rao, former bank official and bank-related cyber fraud expert. A cyber crime police officer who also wished to remain anonymous agreed. “Data leak is a big issue.

We have found that staff of private mobile network providers, hospitals, insurance companies, banks, online platforms, etc, have all sold data. With most services now being outsourced, it is very easy to access data and the risk of that being sold is very high,” he claimed. The officer said that in several cases, elderly people who had been swindled, used their debit cards only at ATMs. “They don’t even know how to do online transactions, but their cards were used in a distant part of the country. It’s likely that card numbers and CVV were leaked from banks, but banks are focussed on the OTP alone. Efforts to solve such crimes and reduce them should start from the root cause, which is the leaking of card data,” he explained.

INVESTIGATION While strengthening information security can help prevent crime, once an offence has occurred, police struggle to catch up. “Despite the creation of CEN stations with about 40 officers each, it’s not enough. A bunch of tech-savvy boys sit in remote districts of Jharkhand, UP, etc, making it difficult to track them.” he said. However, Nagendra said banks can adopt simple measures to reduce scams. For instance, linking OTPs to specific transaction, rather than making them valid for a certain time period. A OTP should be valid only for a specific amount and for a specific merchant.

The minister also said that the Maharashtra Cyber Department has so far registered 410 offences and arrested 213 persons in connection with these.

Noting "spike" in cyber crimes in Maharashtra amidst the coronavirus-induced lockdown, state Home Minister Anil Deshmukh on Saturday warned of a stricter action against those involved in such acts.

The minister also said that the Maharashtra Cyber Department has so far registered 410 offences and arrested 213 persons in connection with these.

He said that there has been "a big rise" in crimes like spreading provocative content, rumours and objectionable posts against women and creating communal divide using social media platforms like WhatsApp, Facebook, Twitter, Instagram and TikTok.

"These wrong things are happening. Please refrain from it. Meanwhile, videos encouraging acid attack and rape too were circulated via TikTok," the minister said in a video message.

"Remember, the Maharashtra Cyber Department is keeping a tab on you. Strict action will be taken against whoever will make such posts and videos," he warned.

Instances of Cybercrime during Pandemic

According to the Cyber Security Crime Wing of Maharashtra Police, fraudulent links about COVID-19 are being circulated on the internet through the social media posts and What's app.

Through these fraudulent messages, fear and vulnerabilities of the people towards the coronavirus are being exploited. According to the officials, such messages are being circulated:

1. Promising employment to the age group of people between 18-40 years, with a Class certificate and with a salary of Rs. 3,500 per month during the lockdown,

2. Remedies and additional insurance for Coronavirus,

3. Free recharge of Netflix or other video streaming services,

4. Free internet data, and

5. Sale of liquor offers.

However, these messages have malicious links. These links have been created for the purpose of collecting information, including sensitive and personal ones which are saved in the user’s devices. The links help in accomplishing various phishing and malware attacks and hence, compromising the safety of the device and the data within. People’s online presence has increased since the lockdown which makes them more vulnerable to such attacks.

Fake websites

The Cyber Division of New Delhi recently warned the public about the malicious coronavirus related websites. They released the URLs of the website and urged the people to not access them. Following is the list of websites marked as malicious:

· coronavirus status[.]space

· coronavirus-map[.]com

· canalcero[.]digital

· coronavirus[.]zone

· coronavirus-realtime[.]com

· coronavirus[.]app

· coronavirusaware[.]xyz

· corona-virus[.]healthcare

· survive coronavirus[.]org

· vaccine-coronavirus[.]com

· coronavirus[.]cc

· Best Coronavirus Protect[.]tk

· coronavirus update[.]tkc

Keeping the shortage in supply of the mask and sanitizers during the lockdown, many scammers have made fake e-commerce websites selling these items. These criminals are preying on the fear of the people for the COVID-19. However, the items never get delivered and the website is shut down after some time.

Fake Applications on Android/iOS

An application on Google Play Store named- ‘Corona Lie 1.1’ claims itself to be a live tracker of the cases of Coronavirus. People who were using this app believed they were using the app to keep track of the pandemic. Instead, the app turned out to be malicious, invading its user’s privacy. The app can access the device’s location, photos, videos, and camera.

The information collected can be misused by compromising with the user’s bank account or can be sufficient enough to blackmail the user.

With the intention to curb the rise of fake apps, the Android Playstore has removed many such apps from their platform. Moreover, they have set rules for these types of apps and categorised them under the “sensitive events” category.

Cyber Crime against Women

Cybercrime against women has been increasing due to the lockdown. According to the National Commission for Women (NCW) stats of cybercrime complaints received in 2020:

· February- 21

· March- 37

· April- 54

Moreover, according to the founder of a public care NGO, Akanksha Foundation, 20-25 complaints were received by them on a daily basis. The complaints are mainly about:

· Abuse and threats;

· Indecent exposure and unsolicited obscene pictures;

· Malicious emails claiming their account is hacked;

· Ransom demands and blackmail;

· Sextortion, that is, extorting money or sexual favours with the threat of revealing evidence of their sexual activity.

PM CARES Fund Fraud

The Prime Minister’s Citizen Assistance and Relief in Emergency Situation ( PM Care) Fund is receiving a lot of donations from the people. The Fund’s UPI ID is pmcares@sbi. However, it has come under the notice of the authorities that scammers have made similar UPI IDs such as pmcares@icici, pmcares@yesbank, pmcares@ybi, and so on, to defraud people. The Indian Computer Emergency Response Team (CERT-In) along with banks, ministries and police departments issued warnings to curb fraudulent activities.

EMI Moratorium Fraud

Alerted by the scammers tactics to exploit the EMI Moratorium Scheme, the indian banks have reached out to their customers and strongly advised them not to share personal information like OTP and ATM PIN with imposters, who started contacting people and promised for help with postponing the EMI payment.

Scammer listed Statue of Unity for Sale

The Indian authorities have filed a case against the person who listed the world’s largest Statue for $4 Billion on OLX, a consumer to consumer (C2C) platform. According to the advertisement, the money which was going to be generated by the sale of the statute would be used by the government to meet its medical expenses amidst the coronavirus pandemic.

APT Groups

Advanced Persistent Threat (APT) groups are referred to as organizations that attack on a foreign nation’s information related to national security or economic importance either through cyberespionage or cybersabotage. These groups continue to evolve and exploit during the pandemic. They have been targeting the Critical National Infrastructure which includes Hospitals with ransomware, malware, and distributed denial of service(DDoS) attacks. Not only the attacks are done with the intention of making profits, but also to extract and get access to login credentials and sensitive information of intelligence value.

Naikon, a chinese APT group, has been targeting the countries of Asia Pacific region. According to the IT security firms, their method of attacking is to infiltrate a government body and extract confidential information to launch a phishing attack on other government targets.

Zoom-bombing

Zoom, a video conferencing app, enables professionals and students to have online meetings and attend online classes, respectively. However, recently, issues were raised about the security of the app. Zoombombing refers to an activity where hackers can secure access to a particular meeting and bombard it with objectionable content. There have been recent instances where objectionable material like a pornographic film was played during an online classroom session or a meeting. Actions have been taken by the company to prevent zoombombing instances by disabling Personal Meeting IDs for scheduling or starting a meeting and a password will be required for all meetings. Moreover, screen sharing privileges will be for the host only by default.

Attack on the WHO

The World Health Organization (WHO) has noticed a drastic increase in the number of cyberattacks directed towards its staff since the beginning of the COVID-19 pandemic. According to the reports of the WHO, 450 active email addresses and passwords of WHO were leaked online along with other thousands belonging to those working on the novel coronavirus response. However, the leaked information did not put the WHO system at risk as the data was old but the attack did affect the older extranet system which is used by the current and retired staff along with the partners.

The number of cyberattacks against the organization is five times more than the same period in 2019.

Laws preventing cybercrime in India

With the motive of creating an enabling environment for the commercial use of the I.T. and to combat the problem of crimes related to the internet, the Information Technology Act, 2000 was enacted. The acts which are punishable have been defined under the IT Act.

Offences related to the internet that have been made punishable under the IT Act, 2000 are:

· Section 65– Tampering with computer source documents. The person can be made punishable with imprisonment for up to three years, or with a fine up to two lakh rupees, or both.

· Section 66– Hacking with computer systems and Data alteration. The person can be made punishable with imprisonment for up to three years, or with a fine up to two lakh rupees, or both.

· Section 67– Publishing obscene information. On the first conviction, the person can be punishable with imprisonment for up to five years and with a fine of up to one lakh rupees. However, in the case of subsequent conviction, the term of imprisonment can be up to ten years and with a fine up to two lakhs.

· Section 70– Unauthorised access to a protected system. The person can be made punishable with imprisonment for up to ten years and with a fine.

· Section 72– Breach of Confidentiality and Privacy. The person can be made punishable with imprisonment for up to two years, or with a fine of up to one lakh rupees, or both.

· Section 73– Publishing false digital signature certificates. The person can be punishable for imprisonment for up to two years, or with a fine of up to one lakh rupees or both.

How to be safe

One can keep themselves safe from such scam and frauds with the help of vigilance and diligence. Here are some pointers that you can keep in mind:

· Before downloading any app from the Playstore, check the detail of the App, this includes details of the developer, reviews, rating given by other users, and their website, if any.

· Refrain from downloading an app from the third-party stores of websites and only download them from Apple Store for iOS devices and Google Playstore for android devices.

· In order to prevent fake and malicious apps from being installed, use effective and reliable antivirus for mobile and desktop.

The Delhi Police and WHO have issued some guidelines considering the imminent threat of cybercrimes. Some DO’s and DON’Ts are as follows:

· In case of receiving any attachments on mail that you have not asked for, refrain from accessing them.

· Pay close attention to the type of personal information you share when asked for it as there is always a reason for it. Under no circumstances, should you share your passwords.

· Do not trust any emails that come with a sense of panic as any legitimate organization will never want the people to panic and take processes step by step.

· Do not believe that WHO or any other organizations give lotteries or offer prices, certificates or grants on the email.

How to check the authenticity of a website?

· HTTP = Bad, HTTPS = Good. in https://, the ‘S’ stands for ‘secure’. It indicates that the website uses encryption to transfer data and provides protection from a potential hacker.

· Check for visible signs such as spelling errors or broken links. The legitimate websites domain name generally does not have these mistakes.

· Look for domain age. Often the age of such domain names is not more than a few months, it can be checked on search engines like Whois.com to check the details of the date of registration of the domain name.

Conclusion

Since the beginning of the pandemic of the coronavirus, a significant increase in the number of cybercrime cases has been noticed. The fact that the people are made to work remotely is one of the contributing factors as this lowered the security of their system. Various instances have taken place and the cybercriminal has left no stone unturned to exploit the vulnerable user by extracting their information for personal gains. However, various efforts are being made by the cybersecurity firms to solve the problem and provide security to the people. Various organizations like WHO or the Interpol, along with Delhi Police have issued guidelines for the people to safeguard themselves.

References:

https://www.newindianexpress.com/states/karnataka/2020/jun/11/cyber...

https://blog.ipleaders.in/rise-in-cyber-crimes-due-to-pandemic-lockdown

https://www.newindianexpress.com/states/karnataka/2020/jun/11/cyber...

https://www.indiatoday.in/mail-today/story/lockdown-boom-for-cyber...