23 April, 2020
PwC India's threat analysis of sustained cyberattacks during the ongoing COVID-19 crisis offers insights for safeguarding organisations and ensuring secure business continuity plans.
Globally, the COVID-19 pandemic has caused widespread business disruptions, particularly as organisations rely on remote working for business continuity. This makes organisations more vulnerable to rising cyberattacks. PwC’s Cyber Security team analysed the cyberattacks on Indian entities in the last few weeks, based on the pattern of attacks across a wide cross-section of Indian organisations and using data collected via logs and various other sensors.
Commenting on the rise in cyberattacks following the spread of COVID-19, Siddharth Vishwanath, Leader – Cyber Security, PwC India said, “With significant shifts to work from home or off-location operations, organisations are more focused on continuity of day-to-day operations than on plugging the gaps in the remote infrastructure. Hackers, who realise this, do not want to leave any stone unturned to harness the moment. PwC’s threat analysis validates this as the cyberattacks in the backdrop of the COVID-19 have seen a sudden spike. Organisations are required to work on fixing the gaps in their remote infrastructure and provide secure remote access to employees and other stakeholders.”
The analysis shows a significant rise in cyber incidents as hackers exploit the COVID-19 crisis. The PwC report summarises the timeline and varied threat scenarios being used in exploiting the vulnerability of organisations.
Timeline of cyberattacks exploiting the COVID-19 crisis
In January, coronavirus-themed malspam emails distributed malware and Trojans, especially the Emotet banking Trojan. In February, phishing emails masked as communiqués from the Centres for Disease Control and Prevention stole email credentials while COVID-19-themed phishing emails targeted manufacturing, finance, transportation, pharmaceutical and cosmetic industries. North Korea’s BabyShark malware spread via a document disguised as South Korea’s response to COVID-19. Also, spam emails purportedly from the Centre for Public Health of the Ministry of Health, Ukraine, delivered a lure document that appeared to contain the latest COVID-19 news but, in reality, dropped a C# backdoor.
In March, spam emails camouflaged as coronavirus precautions targeted Italian email addresses, delivering a weaponised Word document embedded with a VBA script that dropped a new TrickBot variant. Meanwhile, cybercriminals exploited users’ need for COVID-19 data via an online application cloaked as an interactive map showing the global spread of the coronavirus. A new ransomware strain (dubbed CovidLock) was disguised and distributed as a coronavirus tracking app.
As the COVID-19 outbreak reached India, cyberattacks on Indian companies doubled between January and March 2020. February saw a sudden spike, most focused on exploiting vulnerable services and obtaining easy access to remote desktops. There were untargeted phishing campaigns too wherein attackers impersonated personnel from various agencies battling COVID-19. After two primary sustained waves in February, attack volumes fell to a median level.
Volume of attacks experienced
After 15 March, when India witnessed rising COVID-19 cases, a massive wave of attacks targeted many Indian companies. Many witnessed a 100% increase in attacks between 17 and 20 February.
Remote work infrastructure is being heavily targeted, alongside identity theft and malicious payload delivery. As organisations rush to set up virtual private networks (VPNs) so that their employees can work remotely, cyber crooks are exploiting weak authentication mechanisms through widespread phishing campaigns.
There has been a global spike in phishing emails since February, exploiting anxiety related to COVID-19. Most attacks were untargeted, meant to trap as many users as possible in the shortest possible time. Incidents detected by endpoint detection and response (EDR) systems across many organisations rose steadily.
Safeguarding continuity of business operations
Given the current threat landscape, companies utilising remote working policies need to deploy robust preventive and detective technical measures. PwC recommends the following measures:
Protection
In the long term, organisations should focus on:
About PwC
At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with over 276,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.
In India, PwC has offices in these cities: Ahmedabad, Bengaluru, Chennai, Delhi NCR, Hyderabad, Kolkata, Mumbai, Pune and Raipur. For more information about PwC India’s service offerings, visit www.pwc.in.
PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.