Businesses have become more vulnerable to falling for phishing scams: Jaya Baloo, Avast

Avast is a global leader in digital security and privacy products. With over 400 million users online, Avast offers products under the Avast and AVG brands that protect people from threats on the Internet and the evolving IoT threat landscape.

Here, Ms. Jaya Baloo, CISO, Avast, tells us more. Excerpts from an interview:

DQ: Can you tell us how many attacks have you recorded on SMEs/start-ups this year so far, compared to 2019?

Jaya Baloo: According to our data, the Indian businesses had a risk ratio, or a chance of infection from any type of malware, of 27.19% in 2019. While 2020 is still going on, we have figures for September 2020, where the risk ratio for India is 28.73%, a higher, but in a similar range. It is worth mentioning that India has the lowest risk ratio in its geographical area. In fact, in the whole of Asia only South Korea, Japan and Taiwan have a lower risk ratio. The global risk ratio was 26%.

DQ: What kind of attacks were recorded?

Jaya Baloo: This year, with the Covid-19 crisis, businesses are facing increased cybersecurity risks, because many businesses moved their workforce to work from home. The employees couldn’t rely on enterprise-grade security measures or VPN server access if their employer wasn’t prepared, and at the same time, they needed to access important corporate assets.

Businesses have become more vulnerable to falling for phishing scams. For example, since their employees are isolated from their colleagues and they can’t quickly check with their co-workers whether suspicious emails are in fact real.

We have seen an increase in some types of attacks. Globally, ransomware attacks have grown by 20% during the height of the pandemic in March and April in comparison to January and February this year. Malware authors continue to develop new, sophisticated variants supported by standard marketing and social engineering techniques to infect as many devices as possible.

Besides ransomware, there is spyware, sitting silently on the user’s PC while collecting personal data, banking information or online activities, and cryptomining malware, also belonging to the most prevalent threats. Businesses are facing threats targeting their employees’ smartphones, which include adware, spyware, ransomware, downloaders, and cryptomining malware.

DQ: What were the business losses that occurred due to these attacks? Or, how much can it impact?

Jaya Baloo: This depends highly on the type of business and the type of attack. Some companies can have an extensive amount of sensitive data that can be stolen via spear phishing targeting high ranking executives or via a system breach (e.g. trojan horses). Such losses can cause fatal damage to businesses.

Then, there are ransomware attacks, where there is always a dilemma whether to pay the ransom or for the repair (riding the infected machines of the malware and restoring data via backups). In mid-July, Garmin was hit with a ransomware attack that put its wearables, apps, website, and even its call center out for days. Similarly, Konica Minolta was hit by a ransomware strain, which brought its services down for almost a week in August.

Traditionally, dealing with ransomware attacks could be simplified to comparing the cost of recovery to the cost of the ransom. However, an additional variable has been introduced to the equation - doxing. It was only a matter of time until ransomware operators started exfiltrating sensitive data before their encryption and threatening to publish the content if they did not receive the payment.

This way, the data can be stolen during the ransomware attack as was the case when Carnival Cruises was targeted, and might also be in case in the attacks on Jack Daniels and the Ritz London. So, it is no longer just about having or not having backups - backups will not help protect against these types of data breaches.

DQ: What are the sectors that have seen most cyberattacks? Why?

Jaya Baloo: In recent years, cybercriminals have shifted their targets, going after larger, high-profile companies, or institutions that cannot afford to suffer from prolonged downtime, like healthcare systems, or municipalities.

Cybercriminals tend to adapt their attacks to current trends to make them more relevant, which is exactly what they are doing during the COVID pandemic. Among the many targeted institutions, hospitals are especially sensitive right now, as we have seen recently, when some of them were hit by a ransomware attack, paralyzing their computers.

In some of these cases, like for example in Brno, Czech Republic, which is also a testing center for the coronavirus, Avast helped to analyze the threat. Even the World Health organization faces a significant increase in the cyber attacks, in addition to being exploited in countless phishing scams requesting sensitive information and/or money.

To help the health sector we are also part of the COVID-19 Cyber Threat Coalition, which unites thousands of security professionals to volunteer their skills to fight the cybercriminals by sharing threat intelligence.

As working from home can make businesses more vulnerable, the similar situation applies across different industries and organizations, too. Some businesses had to close their facilities for some time, namely shops, restaurants, some production companies, and educational institutions.

These already have financial issues and additional harm done by threats like ransomware would be even more painful. Educational institutions are also now relying more than ever on their IT to provide students with learning materials or even to facilitate video conferencing, to give lessons, so attacking them can affect even more people.