THIRUVANANTHAPURAM: Cyber criminals are increasingly using the Covid-19 pandemic period to target people with malware which can compromise crucial personal data as well as those of organisations. A benign looking email, promising the latest update on Covid-19 statistics or projections during the week ahead, will easily attract the attention of internet users. Even the sender’s mail ID will appear quite genuine. However, it could be malware for phishing data from the computer or giving remote access to cyber criminals or ransomware which demands money for restoring access.
“Most cyber threats come as phishing emails that lure us to click on the bait,” said Renjith A, project manager of Computer Emergency Response Team-Kerala (CERTKerala), a nodal agency of Kerala State IT Mission. “The cyber criminals collect large amount of email IDs and send spam mails,” he said. CERTKerala has issued advisories warning netizens of the likelihood of malware attacks in the state. It follows reports from national agency CERTIn on cyber attacks in many parts of the country. Besides, CERT-In has advised internet users to update Mozilla Firefox browser after finding chinks in the older version.
IT companies too have alerted employees working from home on the need to maintain ‘IT hygiene’ — it includes updating anti-virus and other key software, avoiding unsolicited emails, keeping a backup of important data, using strong passwords and discretion in using USBs — after a cyber attack resulted in service disruption of IT services provider Cognizant this week. The security breach at Cognizant was carried out by Maze ransomware attack.
According to cyber experts, IT companies are at maximum risk since they allow employees to handle all kinds of data at home. The firms have also provided office computers and some of them even allow employees to use personal computers for work. “There are various security measures adopted to prevent security breach. However, the onus is on the employees to ensure IT hygiene.” said an IT employee. But merely keeping the anti-virus updated will not give adequate security, said Renjith. CERT-Kerala keeps an eagle eye on computers used by government departments. So far, no incidents of phishing involving official computers have come to light.