How Hackers Benefit from the Coronavirus Crisis

by Sergiu Popa / 22 July

Computer hacking is a fascinating subject, populated with tales from scholars of trivia who have heard about hacking on TV, seen it in a movie, or acquired a couple of certifications which they believe entitle them to call themselves hackers.

We give you hacking insights based on experience, not hypothetical scenarios created in labs. How can a hacker exploit the coronavirus crisis? During the COVID-19 crisis, forecasts estimated that cyber-crime would increase by 400%. Those estimates turned out to be low: the actual increase was far greater.

Let’s delve into the subject. Social engineering is probably the most potent way of delivering attack payloads to corporate environments whose users’ only training consists of less than mentally challenging security mantras (change your password, don’t click on these links, click on these other links, etc.). Furthermore, the psychological nature of a crisis such as the one we are facing now excites, at the very least, a basic human trait: curiosity. Combine curiosity with a cunning manner of delivering a message and the result is called “victims”. Let’s analyze the following examples, which we introduce in a somewhat random order, but which will make sense in the end.

The crisis pushed companies to adopt working from home as the way to move forward. How this move can be exploited by a clever hacker is fairly obvious. Hackers identify the first element that creates an exploit: confusion. A study indicates that oral communication, when passed along a chain of more than 5 people, dilutes to 20% or less. It is quite easy to imagine an IT department training: “Guys, do not click on phishing links. No spamming links. We may update our VPN to incorporate multi-factor authentication.” Most people are unable to identify phishing links. It can be quite hard sometimes, as some of these links are actually legitimate, but their purpose is to lead to spear-phishing. Please consult https://www.phishtank.com/ and test your phishing “street smarts”. Then, people are told that the VPN may be updated. Well, that right there is where all hell can break loose. If users receive an email from their IT department asking them to download a new VPN client, 95% of them will attempt to do it, while only 30% of that 95% will succeed in installing the malicious package (a lack of computer literacy when it comes to installing programs).

Imagine the next scenario: a hacker wants to break into a bank, but its security is quite strong and he may not want to create mathematical models of deception for its network analysis software. What can he do? Quite simple. All the employees’ profiles are listed on LinkedIn. Great. What’s next? By gathering social media information on these people, he can somehow score which of them are prone to a degree of hypochondria. Then he emails them posing as the hospital and tells them that, according to its records, there is a high probability that they may be infected with COVID-19 and that they may want to register for a free COVID test at its website, https://ExampleHospital.com, where they will be asked to fill in their address, DOB, phone number and email, and eventually fax in or upload a copy of their NI document. The skilled operator (hacker) will now go and brute-force the Wi-Fi password to their house. Or he might get more creative and offer some chat or support software which enables the victim to talk to others in the same situation or consult with a live doctor. Of course, the “get-you-well” software is nothing more than a trojan, a RAT (remote administration tool).

This is just a casual example of what a hacker might do. But let’s consider the following scenario:
The employees of company X receive an email from the IT department stating that their picture has to be uploaded to the new SharePoint directory for the creation of a work-from-home directory and the distribution of COVID-19 testing toolkits. The attachment containing the picture might be ransomware, adware or some other malware. The common criminal will usually send ransomware. The average criminal will send some malware/adware, and the smart criminal will send an APT, whose purpose is to lie dormant and probably redirect TB of Google traffic to their benefit through link shortening, a situation that can go on for years.
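Both “email from the IT department” pretexts described above (the new VPN client and the picture attachment) leave traits a mail gateway can screen for. The Python triage below is an added example, not code from the original article; the domain `example.com`, the keyword and extension lists, and the sample messages are constructed assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlsplit

ORG_DOMAIN = "example.com"  # assumption: the organisation's own mail domain
IT_NAME = re.compile(r"\b(it|helpdesk|service desk|support)\b", re.I)
RISKY_EXT = (".exe", ".msi", ".scr", ".js", ".iso", ".docm")
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_internal(host):
    host = (host or "").lower()
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def triage(msg):
    """Return the reasons a message matches the 'fake IT department' pretext."""
    # Assumption: SPF/DKIM/DMARC are enforced upstream, so an internal From is trusted.
    reasons = []
    name, addr = parseaddr(str(msg.get("From", "")))
    if IT_NAME.search(name) and not is_internal(addr.rpartition("@")[2]):
        reasons.append("display name claims IT, sender domain is external")
    body = msg.get_body(preferencelist=("plain", "html"))
    for url in URL.findall(body.get_content() if body else ""):
        parts = urlsplit(url)
        if not is_internal(parts.hostname):
            kind = "installer link" if parts.path.lower().endswith(RISKY_EXT) else "link"
            reasons.append(f"{kind} to external host {parts.hostname}")
    for att in msg.iter_attachments():
        fname = (att.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):  # also catches double extensions like .jpg.exe
            reasons.append(f"executable attachment {fname}")
    return reasons

def sample(sender, body, attachment=None):  # builds a constructed message, not real mail
    m = EmailMessage()
    m["From"], m["Subject"] = sender, "Working from home update"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed", maintype="application", subtype="octet-stream", filename=attachment)
    return m

VPN_LURE = sample("IT Department <it@vpn-update.test>",
                  "Install the new VPN client: https://vpn-update.test/client.msi")
PHOTO_LURE = sample("IT Helpdesk <helpdesk@corp-it.test>",
                    "Picture for the SharePoint directory attached.", "photo.jpg.exe")
GENUINE = sample("IT Department <it@example.com>",
                 "MFA rollout notes: https://intranet.example.com/vpn")
if __name__ == "__main__":
    for m in (VPN_LURE, PHOTO_LURE, GENUINE):
        print(m["From"], "->", triage(m) or "no flags")
```

A message that collects two or more reasons is a good candidate for quarantine or a warning banner rather than silent delivery.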

As we can see, the COVID-19 crisis, if played on the right soft psychological side of people, can have devastating effects on a company’s security systems. As always, knowledge is power. At Metaminds, we pay close attention to every requirement our clients express and make sure we address their concerns with flawless, custom-designed solutions to ensure the safety of their operations.