Cyberattacks have been on the rise since the month of March 2020. Hervé Debar, an information systems security researcher at Télécom SudParis, talked to us about the relationship between cyberattacks – such as phishing and zoom-bombing – and the Covid-19 health crisis.
For some, the crisis brought about by Covid-19 has created opportunities: welcome to the world of cyberattacks. The month of March saw a significant rise in online attacks, in part due to increased reliance on e-commerce and digital working practices, such as video conferences. “Such attacks include zoom-bombing,” says Hervé Debar, an information systems security researcher at Télécom SudParis.
Zoom-Bombing
Zoom is a video conference platform that has become widely used for communication and to facilitate remote work. “It’s a system that works really well,” says the researcher, “although it’s controversial since it’s hosted in the United States and raises questions about compliance, in particular with the GDPR.”
Zoom-bombing is a way of attacking users of such platforms by hijacking meetings. “There are real problems with the use of collaborative software because you have to install a client, so you run the risk of leaving the door to your computer open,” explains Hervé Debar.
Zoom-bombers seek to make a disturbance, but may also potentially try to spy on users, even if “a lot of power is needed for a malicious third party to hijack a desired meeting.” These virtual meetings are defined by IDs – sets of characters of varying lengths. In order to try to hijack a meeting, a hacker generates IDs at random in the hope of finding an active meeting.
“This means that there is little likelihood of finding a specific meeting in order to spy on users,” says Hervé Debar. “That being said, arriving uninvited in an active meeting at random to make trouble is easier in our current circumstances, since there are a much greater number of meetings.” An algorithm could be used to generate these valid tags. This works like a robot calling set numbers: it calls numbers on a continual basis and if someone picks up on the other end, it hands the call over to an operator.
It is worth noting that Zoom has taken certain cybersecurity aspects into account for its services and is making efforts to provide appropriate solutions. To lower the risk, meetings can also be protected by using an access code. Besides zoom-bombing, more traditional attacks are well-suited to the current health crisis. One such attack is phishing.
For what purpose?
The goal of phishing is to find a convincing bait to get the recipient of an email to click on a link and want to take further action. “Phishing techniques have gone from selling Viagra a few years ago to selling masks or other medical products,” says Hervé Debar. “This reflects people’s needs. The more worried they are, the more vulnerable they are to this kind of attack.” The fear of getting sick, coupled with a shortage of available protective equipment, can therefore increase the risk of these types of practices.
You get an e-mail saying: “We have masks in stock! Buy X masks for X euros.” So you pay for your order but never receive it.“It’s fraud, plain and simple,” says Hervé Debar. But such practices may also take a more indirect form, by asking for your credit card number or other sensitive personal information. This information may be used directly or sold to a third party. Messages, links and videos can also contain links to download malware that is then installed on the user’s computer, or a malicious application for smartphones.
Recently, this type of email has started using a new approach. Hervé Debar says that “the message is worded as a response, as if the person receiving it had placed an order with their supplier.” The goal is to build trust by making people think they know the sender, therefore making them more likely to fall for the scam.
From an economic viewpoint, unfortunately, such practices are profitable. “Even if very few people actually become victims, the operational cost is very low,” explains the researcher. “It works the same way as telephone scams and premium-rate numbers.”
Uncertainty about information sources tends to amplify this phenomenon. In these anxious times, this can be seen in the controversy over chloroquine. “The doubts surrounding this information make it conducive to phishing campaigns, especially since it has been difficult to get people to understand that it may be dangerous.”
How can we protect ourselves?
“Vigilance and common sense are needed to react appropriately and protect ourselves from phishing attacks,” says Hervé Debar, adding that “knowing suppliers well and having a good overview of inventory would be the best defense.” For hospitals and healthcare facilities, the institutional system ensures that they are familiar with their suppliers and know where to place orders safely.
“We also have to keep in mind that these products must meet a certain quality level,” adds Hervé Debar. “It would be surprising if people could just magically produce them. We know that there is a major shortage of such supplies, and if governments are struggling to obtain them, it shouldn’t be any easier for individuals.”
Information technology assists with logistical aspects in healthcare institutions – for example inventory and transporting patients – and it’s important for these institutions to be able to maintain communication. So they may be targeted by attacks, in particular attacks on services that seek to saturate networks. “There have been attacks on services at Paris hospitals, which have been effectively blocked. It seems like a good idea to limit exterior connections and bandwidth usage.”
Tiphaine Claveau for I’MTech