Digitalisation has proven its role in the 21st century during the pandemic, but not everyone is prepared for its takeover. Hence, many have fallen victims to cybercriminals. Becoming more dependent on email communications, employees also face the risk of phishing emails masked as official business communication, especially when their companies do not have sufficient Virtual Private Network (VPN) capabilities, standardised telecommuting policies, and secure mobile infrastructure, says Joanne Wong, Vice President for International Marketing at LogRhythm.
Like vultures, cybercriminals feed on people’s anxiety of the pandemic by posing as government or health officials to do phishing scams, preying on the opportunity opened by the dependence on digital technologies to spread awareness. Trustwave, a Singtel company, reports that fifty per cent of incidents they investigated were results of phishing and other social engineering tactics, a trend observed today with most attacks springing from promises of new information and updates about COVID-19, eventually succeeding to lure users given their increasing worry and fear.
Before COVID-19 was declared a pandemic, electronic crime (eCrime) actors were already capitalising on the outbreak, says Sherif El Nabawi, Vice President of Engineering for the Asia Pacific and Japan at CrowdStrike, finding a 330 per cent increase in eCrime this year.
It was called ‘Mummy Spider’, an eCrime actor using Japanese language spam spoofing a public health centre to distribute the Emotet downloader malware so users would download and install Wizard Spider’s TrickBot. Others sold COVID-themed tools, such as a phishing method disguised as a COVID-19 map.
Southeast Asia has yet to fortify its defences against cyber threats. Countries in the region find themselves popular targets of recent incidents, jeopardising citizens' personal data and national security. Even though some may not acknowledge the seriousness of the incidents, the stakes are undeniably high.
Still apprehensive about previous events that compromised thousands of medical records and personal data, Singapore, because of its intensive internet adoption, remains a favourite among hackers. From March to May this year, more than 1,500 malicious phishing URLs targeting the state were found, according to the Cyber Security Agency (CSA). In April, education institutions have become the newest targets. Students and teachers were seen as “softer targets” as they turned to remote learning and are less aware of advanced security protocols.
One of the top five countries in the world targeted by cyber threat actors, Malaysia, likewise, found a surge in cyberattacks at the start of its Movement Control Order, detecting 20 different coronavirus-related malware during the outbreak.
Recognising these threats and knowing that telecommute is here to stay even after the pandemic, governments and organisations respond accordingly. After all, becoming digital does not come without its worries.