Indians targeted by 9,100 covid-themed cyber attacks between Feb 2-May 2: Microsoft

Cyber crooks have already been taking advantage of the COVID-19 crisis to defraud persons using ransomware and phishing attacks on people. More than 9,000 coronavirus-themed attacks were detected in India between February 2 and could 2, a Microsoft executive said.

"Between February 2 and could 2, we saw 9,100 total file encounters linked to COVID-19 or coronavirus," Microsoft Corp Corporate Vice President (Cybersecurity Solutions Group) Ann Johnson told reporters on a conference call. “This means our detection tools actually saw malware or URL or an attachment or a phishing email that was using COVID-19 as a lure to get somebody to download malware to the machine or potentially to stop their credentials with a phishing attack.”

About 19 million such attacks were noted in Asia, she added.

India was actually among the countries least damaged among the ones that Microsoft tracks, aside from Australia, she said. “So, India had some very good controls set up," she said.

She noted that cybercriminals are taking advantage of the coronavirus outbreak, and are targeting employees with phishing lures and malware.

"That's exacerbated by the actual fact that workforces are actually largely remote and under a whole lot of stress. They might not exactly have been equipped within their homes to work remotely...we do believe that technology must help our employees, customers, employees and IT professionals to navigate this crisis...We're seeing a whole lot of different pockets of attacks," she said.

Johnson said some ransomware attacks would start in a department of an organisation, as soon as cybercriminals see that they can monetise that attack, they proceed to another department in the organisation to maximise impact.

She said many of these attacks claim things such as if the individual clicks on the given link, they'll be the first of 1,000 people to find the newest coronavirus vaccine.

"So, there's this sense of urgency that the bad actors tried to operate a vehicle to because they don't really want the employees to have the possibility to go ask a colleague," she said. “They know persons will work from your home potentially, so they can not just walk to the next cubicle or walk down the hall, they may need to phone somebody or e-mail them, and they give this urgency around these phishing attacks that the individual must respond right away.”

Johnson said these attacks are targeting vulnerable places like healthcare organisations, state and municipality, and critical infrastructure.

She said enterprises, at times like this, have to have "digital empathy" as employees are working remotely, potentially outside of the company's firewall.

Johnson said organisations should ensure that employees receive necessary tools and education, and that we now have lines of communication obtainable in case they face any issue.