Impacts of the Pandemic on Cybersecurity
We spoke to Umar Saleh Gwani, founder and CEO of NextOne ICT, an Information and Communications Technologies consultant and solution provider to a wide range of clients over satellite, mobile and microwave spectra. Umar spoke about the threats users face and the precautions they can take with regard to cybersecurity.
What has changed about Cybersecurity due to the pandemic?
Life as we know it has changed. Tasks we are used to and take for granted on our PCs, laptops and mobiles have all changed, and the internet as a medium for communication has also changed. Governments the world over have been caught unawares and ill-prepared for a transition they had procrastinated over. Never before in human history has there been a period that forced us to reevaluate our relationships as global citizens, coworkers and partners in the face of an existential threat like the COVID-19 pandemic.
The public and private sectors have been practically shut down, people whose jobs do not require them to go to places of work have been asked to work remotely, and schools are transitioning online to address the gap created by closures. It is the best of times for information and communication technologies; unfortunately, it is also the worst of times for the unsecured and unprepared, due to new emerging threat scenarios and actors who have discovered a goldmine in the dilemma.
There was a 131% increase in viruses detected in March 2020 compared to the same month in 2019. These threats range from data leakages to phishing scams, ransomware and internet frauds, including well-articulated Distributed Denial of Service (DDoS) attacks.
How have these increasing risks impacted the average internet user?
The average person using the internet has been a victim of different types of viruses and malware that are being spread through shared links and files exchanged through emails and social networks. Some are designed to exfiltrate data from infected devices with a view to harvesting contacts, personally identifiable data, and logins to banking applications and even social networks, to broaden the attack surface of the vectors. These come in several forms where all it takes is a single click by a careless person on an attachment, an image or a suspicious link. Those who own websites that are not secured run the risk of fake subdomains being used on the site as landing pages to deliver a malware payload to those arriving at such pages after clicking.
In addition, financial institutions and the self-service portals of different entities doing online business and transactions are being cloned in phishing attacks to capture access data and compromise such systems.
Furthermore, government institutions and private enterprises are also targeted to spread fake news on COVID-19, so a lot of misinformation is being passed on, causing people to panic, and the same criminal players are now providing false solutions to victims to ensnare them some more; it's the monetization of criminal online activities.
Development agencies are also not left out as cybercriminals are coming up with all sorts of relief packages for the gullible to click and enroll without knowing what threats lie therein.
Can one ever be careful enough on the internet, especially as most sites require users to grant certain privileges, from cookies to caches, as a precondition for access?
To some extent, yes. Web browser cookies can be cleaned from temporary storage, but the real dangers lie in rootkits, which either append to or install as part of the operating system. Unfortunately mobile devices, most especially Android, have features for people to install apps from unknown sources, and quite often these apps are loaded with threats, which is primarily the reason they're not allowed in the official Play Store. As such, vulnerabilities are granted the appropriate permissions to take over root or administrative roles on the compromised devices.
These apps connect to command and control servers that weaponize them for the kind of threat the attacker wants to launch. On networked systems, cracked and pirated software provide attack surfaces for privilege escalation and the establishment of advanced persistent threats that are very long-term and hard to discover, or sometimes never discovered at all.
Several antivirus products are available for personal use which will detect some threats, but often people do not update their threat definition libraries, so many pass unnoticed. In addition, corporate new-generation firewalls have capabilities for real-time online scanning of traffic to detect many, but the prohibitive cost and complex operations requiring expertise have limited their usage to only those that can afford them.
With the rise in statistical software for decrypting messages, should we feel safe communicating on platforms that offer end-to-end encryption as protection?
Yes, many end-to-end encryption standards offer stronger ciphers to provide adequate protection, and with the introduction of Blockchain technology in cybersecurity, it is tedious but not impossible to extract data.
In due course, when it becomes mainstream in adoption, there will be an improvement in securing communication channels to avoid attacks like man-in-the-middle attacks, which hijack sessions and intercept traffic before it reaches the desired destination. But the safest thing always is to be diligent in inspecting anomalies and abnormalities: being careful, inspecting links for redirections and misspellings in URLs and addresses, and never opening anything suspicious, most especially offers that are too good to be true.
At a personal level, for an average user, the danger always comes from not being careful. A good example is WhatsApp and Telegram, which offer end-to-end encryption between parties in a conversation, yet WhatsApp accounts have been compromised as a result of sharing files embedded with malware. These are passed as regular traffic that cannot be deciphered when intercepted, but it is a different kettle of fish once downloaded and opened on devices; hence careless users that share links to several online goodies like free data expose the rest of their contacts to such threats.
It is also clear there has been an increased number of COVID-themed campaigns in the form of Trickbot and Formbook. The Formbook campaigns have been targeting educational institutions, via phishing messages with a trojanized application for teachers. Formbook, like other data stealers, is focused on harvesting sensitive data.
Most users feel at risk all the time, whether or not their devices are compromised. Any tell-tale signs they should watch out for?
The signs are clear: unusual reboots, a slowdown in performance, app misbehaviors, files disappearing or files and extensions changing, sometimes unusual error messages flashing on the screen, loss of data even though background services are disabled, sometimes contacts receiving messages you didn't send from your account, and the frequent crashing of devices for the same reasons. In cases of ransomware attacks, contents are encrypted and a countdown timer indicates a deadline before irrecoverable damage.
What kind of privileges do you advise users never to grant User Interfaces?
Depending on the app, access to contacts, microphone, camera, storage, calendar and any other system feature should be used sparingly and only when such apps make requests.
By default, most apps take such privileges during installation, and if a user did not review such app permissions, one may end up granting many questionable privileges to them. For instance, what business does a torchlight app have with call logs or incoming/outgoing SMS?
The most important thing is never to grant any app root privilege unless you are aware and sure of exactly what this app requires.
What do you think about people providing their credit card details to third-party Institutions, especially e-commerce sites?
Some are reliable, but we should be careful; it is better to have a payment gateway that keeps money in an escrow account until the transaction is verified. Google being your friend, it is worthwhile to search for reviews or comments by users with previous experience with such entities, to ensure that in the event of non-fulfillment money can be reversed, as is done by Amazon, eBay, AliExpress and others.
Many merchants on social networks, most especially Facebook and Instagram, often disappear after receiving payments, only to reappear later under a different name displaying the same products. There is an absolute need to be careful in choosing merchants; often these crimes persist because of greed or the down-to-earth ridiculous pricing models used by such fraudsters.
Any general advice for users on how to navigate safely online?
Users should only visit sites secured by SSL encryption, that is, sites whose URLs start with https://, because these certificates can be inspected to establish the true identity of the entity through a Certification Authority (CA); where this is absent, run.
Users should also periodically update antivirus software and clean up caches and cookies left behind after browsing; the good thing is that most of these tasks can be automated and can run in the background unobtrusively.
Users should also screen freebies carefully, including registering for access to certain websites with either their email or social network accounts.
Passwords should be changed regularly, and the same password should never be used on more than one account.
There are also websites available to check account vulnerabilities. A good example is "Have I Been Pwned", which lets you confirm if your account has been compromised.
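A heuristic link inspector for the checks the interview recommends (https only, lookalike or misspelled brand domains, brand names hidden in subdomains or before an '@', redirect parameters), written as an added example and not the interviewee's or NextOne ICT's code. The brand allow-list, the digit-to-letter lookalike table and the one-letter edit-distance threshold are constructed assumptions for illustration.

```python
from urllib.parse import urlparse, parse_qs
import re

KNOWN_BRANDS = {"amazon", "ebay", "paypal", "whatsapp"}  # constructed allow-list
# Digits commonly swapped for look-alike letters ("paypa1", "amaz0n"); constructed table.
_LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def _edit_distance(a, b):
    """Levenshtein distance, used to catch one-letter misspellings of a brand name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def inspect_url(url):
    """Return a list of warnings for one link; an empty list means nothing odd was found."""
    warnings = []
    p = urlparse(url if "://" in url else "http://" + url)
    host = (p.hostname or "").lower()
    labels = host.split(".")
    if p.scheme != "https":
        warnings.append("not https: no certificate to inspect")
    if p.username is not None:
        warnings.append("'@' in URL: text before it is not the real host")
    if any(label.startswith("xn--") for label in labels):
        warnings.append("punycode label: check for homoglyph characters")
    # Naive registered domain = last two labels; a real check would use the public suffix list.
    brand_label = labels[-2] if len(labels) >= 2 else host
    normalised = brand_label.translate(_LOOKALIKES)
    for brand in sorted(KNOWN_BRANDS):
        if brand != brand_label and _edit_distance(normalised, brand) <= 1:
            warnings.append(f"lookalike/misspelled domain for {brand}")
    for label in labels[:-2]:
        if label in KNOWN_BRANDS and brand_label not in KNOWN_BRANDS:
            warnings.append(f"brand '{label}' is only a subdomain of {'.'.join(labels[-2:])}")
    for key, vals in parse_qs(p.query).items():
        if any(re.match(r"https?://", v) for v in vals):
            warnings.append(f"query parameter '{key}' redirects to another URL")
    return warnings


if __name__ == "__main__":
    for link in ("https://www.paypal.com/signin", "http://paypa1.com/login",
                 "https://paypal.com.secure-login.example/", "https://paypal.com@evil.example/"):
        print(link, "->", inspect_url(link) or "looks normal")
```

The heuristics are deliberately cheap and produce false positives; they are a prompt to look closer, not a verdict.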