The world is living through one of its worst periods in recent memory because of the coronavirus pandemic. To slow the spread of the virus, businesses are closing their offices and people in many countries are being asked to stay indoors and work from home. In this three-part series (Parts I, II and III) we look at some of the brazen attacks hackers have launched against organizations around the world during the crisis.
Taking advantage of the chaos, hackers are trying to steal sensitive information and, in some cases, are launching multiple attacks on organizations in a bid to cripple them and hold them to ransom, or to steal the personal data of millions of unsuspecting people for quick, illicit gain. Businesses are hit hardest: they not only have to cope with a shortage of staff on site but are largely left to fend off these attacks on their own, with vital information at stake.
Attacks on North Korean targets
Google's security researchers reported that a single, sophisticated group used several previously unknown (zero-day) flaws in Internet Explorer, Chrome and Windows to spy on North Korean targets. The exploits were delivered in two ways: through phishing emails carrying malicious attachments or links to malicious sites, and through so-called watering-hole attacks, in which legitimate websites the targets were known to visit were compromised so that they infected visitors through their browsers.
Although Google played it safe and declined to name the attackers, the Russia-based security firm Kaspersky attributed the campaign to Dark Hotel, a group it says has targeted North Koreans in the past and is suspected of working on behalf of the South Korean government. Soon after Kaspersky's attribution, reports emerged that the same group was spying on Chinese systems too.
The timing is notable: the attacks all took place in the last part of 2019, when the coronavirus outbreak was first emerging in China and in countries with heavy travel links to China. In one case Dark Hotel exploited an Internet Explorer bug through a Microsoft Office document: the document merely loaded browser code to play an online video embedded in it, and that was enough to trigger the flaw. In another case the group took a sandbox-escape bug first used against Internet Explorer (the sandbox is the security feature that isolates browser code from the rest of the computer) and repurposed it to escape Firefox's sandbox instead, showing how a single bug can be reused across exploit chains for different products.
Apps that misguide people axed by Google
In another case, Google removed the Infowars Android app from its Play Store, extinguishing one of the last mainstream strongholds of the conspiracy theorist Alex Jones. The app was pulled after widespread public outrage and complaints about the advice it was giving people on how to deal with the coronavirus pandemic.
Jones's Infowars app made startling claims and openly disputed the measures being taken to fight the coronavirus, advising people against social distancing, sheltering in place, quarantine and working from home, among others. The crackdown came amid rampant abuse, misinformation and coordinated disinformation campaigns run by nation-states. Many tech giants now believe that app stores and video streaming platforms need to be policed to prevent the spread of violent and dangerous content during times like the COVID-19 pandemic.
Zscaler, a security firm, said that attacks against the systems it monitors have increased 15% per month since the beginning of the year, and so far in March they have jumped 20%. Most of these attacks lure victims with the promise of information about, protection from or, in some cases, a cure for the coronavirus.
Attacks from China
According to Wired.com, Chinese hacking activity has surged amid the coronavirus crisis. The Chinese cyberespionage group APT41 has been attacking organizations worldwide by exploiting vulnerabilities in widely used business applications and network devices from vendors including Cisco, Citrix and Zoho. Intrusions of this kind are nothing new; what makes this campaign significant is that most employees are now working from home or remotely. To keep work going and accommodate remote staff, organizations have hurriedly expanded remote access and, in many cases, relaxed the security controls on their networks.
A report quoting the security firm FireEye said that APT41 attempted to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers and Zoho ManageEngine Desktop Central between January and March 2020, the period in which the pandemic was spreading at an alarming rate across the world. All three are internet-facing gateway or endpoint-management products, exactly the kind of infrastructure organizations were rushing to expand for remote work. FireEye added that APT41 specializes in software supply-chain attacks: the group has broken into the software development environments of several vendors and injected malicious code into digitally signed tools, which were then distributed to customers through the vendors' normal channels. A tool that is signed after the malicious code has been inserted carries a genuine vendor signature, so signature verification on its own does not flag it.
“APT41 leverages an arsenal of over 46 different malware families and tools to accomplish their missions, including publicly available utilities, malware shared with other Chinese espionage operations, and tools unique to the group,” FireEye said.
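The supply-chain pattern described above turns on one point: a build tampered with inside the vendor's pipeline is signed with the vendor's own key and therefore passes signature verification. The Python example below is added here to illustrate that; it is not FireEye's analysis or any vendor's real process. It models a vendor build-and-sign step, a compromised variant of it, and the customer-side check that does catch the compromise: an independent rebuild from trusted source compared by hash, the idea behind reproducible-build verification. The build function, the HMAC stand-in for code signing, the signing key and the source tree are all constructed assumptions.

```python
"""Why a valid code signature does not prove a build is clean.

Models the supply-chain pattern described in the text: the vendor's build
pipeline is compromised, so the tampered artifact is signed with the
vendor's genuine key and passes signature verification. Only an
independent rebuild from trusted source, compared by hash, catches it.
The build function, HMAC stand-in for code signing, key and source tree
are constructed for this example and do not describe any real vendor.
"""
import hashlib
import hmac

# Constructed sample inputs (hypothetical vendor key and source tree).
VENDOR_SIGNING_KEY = b"example-vendor-release-key"
CLEAN_SOURCE = {
    "main.c": b"int main(void) { return run_agent(); }\n",
    "agent.c": b"int run_agent(void) { return 0; }\n",
}


def build(source):
    """Deterministic stand-in for a compiler: canonical concatenation of
    sorted source files, so identical source always yields identical bytes
    (the property a reproducible build provides for real toolchains)."""
    return b"".join(name.encode() + b"\0" + body + b"\0"
                    for name, body in sorted(source.items()))


def sign(artifact, key):
    """Stand-in for Authenticode/GPG signing: HMAC-SHA256 under the vendor key."""
    return hmac.new(key, artifact, hashlib.sha256).digest()


def signature_valid(artifact, signature, key):
    return hmac.compare_digest(sign(artifact, key), signature)


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def vendor_release(source, implant=None):
    """Vendor build-and-sign step. With a compromised build environment the
    implant is injected *before* compilation, so the output is still signed
    with the legitimate key."""
    src = dict(source)
    if implant is not None:
        src["agent.c"] = implant + src["agent.c"]
    artifact = build(src)
    return artifact, sign(artifact, VENDOR_SIGNING_KEY)


def verify_release(artifact, signature, trusted_source):
    """Customer-side checks. The signature check is what update channels
    normally do; the rebuild comparison is what detects a compromised
    pipeline. trusted_source must come from an independently reviewed
    checkout, not from the same distribution channel as the artifact."""
    expected_hash = sha256_hex(build(trusted_source))
    return {
        "signature_valid": signature_valid(artifact, signature, VENDOR_SIGNING_KEY),
        "matches_independent_build": sha256_hex(artifact) == expected_hash,
    }


def demo():
    """Three releases: clean, trojaned inside the build pipeline, and altered
    after signing. Returns the verification result for each."""
    clean_art, clean_sig = vendor_release(CLEAN_SOURCE)
    trojaned_art, trojaned_sig = vendor_release(
        CLEAN_SOURCE, implant=b"/* implant: beacon to C2 */\n")
    tampered_art = clean_art + b"\x90"      # modified after signing
    return {
        "clean": verify_release(clean_art, clean_sig, CLEAN_SOURCE),
        "trojaned": verify_release(trojaned_art, trojaned_sig, CLEAN_SOURCE),
        "tampered_in_transit": verify_release(tampered_art, clean_sig, CLEAN_SOURCE),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20} {result}")
```

The trojaned release is the interesting row: its signature verifies, and only the hash comparison against an independent rebuild fails. In practice that comparison requires a reproducible build and a source checkout obtained and reviewed separately from the vendor's binary distribution channel; a hash published alongside the binary by the same compromised pipeline would match the trojaned build and prove nothing.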
In Part II of this series, we explain how a security flaw in Microsoft Windows, combined with your desire to read the news, makes you an easy target for hackers. To learn more about security trends, you can download our latest whitepapers on security.