As cyberattacks grow in magnitude globally including in India, cyber criminals now prefer to use Covid-19 in scamming attacks that focus on fake cures and donations, compromising email accounts in Indian organisations.
In fact, 72 per cent of Covid-19-related attacks today are scamming or spear-phishing which is the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.
In comparison, 36 per cent of overall attacks were found coming from scammers.
“Nearly 13 per cent of all spear-phishing attacks come from internally compromised accounts, so organisations need to invest in protecting their internal email traffic as much as they do in protecting from external senders,” according to the report from cloud-enabled security solutions provider Barracuda Networks.
Business email compromise (BEC) attacks are increasing as cybercriminals see how lucrative this type of attack can be. Attackers’ exploitation of fears around the COVID-19 pandemic shows how quickly they can adapt to current events.
“A massive 71 per cent of spear-phishing attacks include malicious URLs, but only 30 per cent of BEC attacks included a link,” the findings showed.
“Hackers using BEC want to establish trust with their victims and expect a reply to their email, and the lack of a URL makes it harder to detect the attack”.
According to Murali Urs, Country Manager (India), Barracuda Networks, cybercriminals adapt very quickly when they find a new tactic or current event that they can exploit.
“Their response to the Covid-19 pandemic proved it too well. The organisations in India today are facing increasing threats from highly-targeted phishing attacks,” he said.
Hackers are using multiple tactics to disguise malicious links and avoid detection by URL protection solutions.
The report took an in-depth look at new tricks being used to successfully execute attacks — spear phishing, business email compromise, pandemic-related scams, and other types.
“Business email compromise (BEC) makes up 12 per cent of the spear-phishing attacks analysed, an increase from 7 per cent in 2019,” the report said.
“The organisation must invest in technology to block attacks and provide training to help people act as a last line of defense and avoid falling victim to scammers’ latest tricks,” said Urs.