NEW DELHI: The North Korea-backed Lazarus group plans a large-scale cyberattack targeting 2 million individual email IDs belonging to users in India, cyber intelligence firm Cyfirma has found.
The targets will be sent covid-themed phishing emails in the names of government agencies offering free testing. They will be encouraged to click on links that will take them to malicious websites created to seek personal and financial information.
Cyfirma's report is part of a global investigation into the operations of the notorious Lazarus group, which is planning to hit over 5 million individuals and businesses in 6 countries, including India, between June 20 and June 21.
Users across the US, the UK, Japan, South Korea and Singapore will also receive similar phishing emails promising direct payments, with the underlying intention of stealing information. Businesses will be targeted with emails claiming to help them get the stimulus packages announced by governments in their respective countries.
The Lazarus group is one of the largest hacking groups, and the alleged backing of North Korea gives it access to the infrastructure to carry out large-scale attacks. A case in point is the WannaCry ransomware attack of 2017, which infected and crippled around 230,000 computers in 150 countries. The victims are estimated to have lost $4 billion across the globe due to the attack.
The group is also believed to be involved in several high-profile cyberattacks, including the breach at Sony Pictures in 2014 and the million-dollar Bangladesh Bank heist in 2016.
Covid-19-related phishing campaigns have been immensely popular with cyber criminals across the world. Ever since the pandemic started in China, reports of phishing emails sent in the name of WHO, CDC and other government agencies offering information, symptom checks and free PPE, and seeking donations, have multiplied.
According to a May report by cybersecurity firm Check Point, there have been 192,000 coronavirus-related cyber-attacks per week over the past three weeks (before the report was published), an increase of 30% over previous weeks. Almost 20,000 new coronavirus-related domains were registered in the past three weeks and 17% of them were found to be malicious or suspicious.
Cyfirma had recently reported another major conspiracy to carry out cyberattacks in India. Only this time, the targets were government agencies, several media houses, pharmaceutical companies and telecom operators. It was found that several Chinese hackers, including those belonging to the Chinese state-backed groups Gothic Panda and Stone Panda, wanted to teach India a lesson for the recent skirmishes between the two countries in Ladakh and had even created a hit list of Indian organisations they intended to target.