Zoom App Vulnerable to Cyber Attacks

In India, the Zoom video conferencing app has been downloaded 100 million times from Google Play Store. The government had reissued new guidelines after many users had complained about instances of leaked passwords and hackers hijacking video calls midway through the conference. Zoom app does not have end-to-end encryption and violates the Information Technology Act and under the powers of Section 69(2) violating the Information Technology (Procedure and Safeguard for the interception, Monitoring, and Decryption of Information) Rules, 2009. Even the Computer Emergency Response Team of India (CERT-In), the national agency to combat cyber attacks and guarding the cyberspace stated that the unguarded usage of the digital application can be vulnerable to cyber attacks, including leakage of sensitive office information.

Fake Upi ID Under Pretext of ‘PM Cares’ Relief Fund

Prime Minister Narendra Modi urged people to contribute to the PM’s Citizen Assistance and Relief in Emergency Situations (PM-CARES) Fund. The cybercriminals created UPIs such as “pmcare@sbi” whilst the original UPI ID is “pmcares@sbi”. Further, scammers also created similar VPS’s but linked them to other banks and platforms; such as “pmcare@upi” or “pmcare@yesbank”. Fake UPI ID has been circulated on the pretext of the PM-CARE fund. Delhi police have registered an FIR after an online complaint was received. The Government immediately blocked the fake account to protect citizens from cyber frauds.

Aarogya Setu App

The app – Aarogya Setu, which means “bridge to health” in Sanskrit- was launched to tackle COVID-19 by tracking people in the mobile app. Privacy of its users is the main concern associated with this application as the government can share the data with “practically anyone it wants”. Moreover, a French hacker and cyber security expert Elliot Alderson claimed that “a security issue has been found” in the app that the “privacy of 90 million Indians is at stake”. This also goes against the provisions of the IT Act and the proposed Personal Data Protection Bill as the app service provider would fall under the definition of an intermediary and is obligated to ensure the security of the data collected and is liable for loss of it under the intermediary guidelines. Critics have repeatedly warned that the scheme puts personal information at risk and has criticized government efforts to compulsorily link it to bank accounts and mobile phone numbers.

Phishing Attacks: Banking Frauds & Emi Moratorium Frauds

The Barracuda researchers have reported three main types of phishing attacks using COVID-19 themes – scamming, brand impersonation, and business email compromise.7 Cyber attackers are making phishing calls or sending phishing emails or SMSs to bank customers pretending to be bank officials and asking them for sensitive information such as their account number, credit or debit card number, CVV, OTP, etc. Once the borrower shares the OTP, he loses money. It’s important to not share any personal details of bank – related transactions over the phone or through emails, to protect the account from cybercriminals.

Bois Locker Room Incident

On May 3rd, several screenshots were released on Instagram relating to a group named “Bois Locker Room” run allegedly by teenage boys from Delhi sharing objectionable pictures of underage and minor girls including nude and morphed pictures and making trashy comments. Such acts committed by the group members constitute offenses under Sections 506, 507, 509, 465, and 471 of the Indian Penal Code and Sections 67 and 67A of the Information Technology Act, 2000. This horrific not only raises the issue of privacy, safety, and well being of women, but also of sensitization and counseling of juveniles who are engaging in such conduct. Such cyber bullying and online cyber crimes have seen a continuous rise amid COVID-19. As more and more people depend on the Internet, these crimes seem to increase day by day.

World Health Organisation (Who) Cyber Attack

The World Health Organization’s security team has seen an enormous increasing number of attempts of cyber attacks on the officials from the initial state of COVID 19. Some hacking organizations tried to breach the privacy of the World Health Organization recently. Some of them are sending fraudulent emails and WhatsApp messages that attempt to trick and deceive the public into clicking on malicious links or opening unauthorized attachments. Nearly 700 Uniform Resource Locators (URL) have been blocked by social media platforms like Facebook and Twitter to ensure rumors and fake news do not proliferate.8 Social media platforms such as Facebook, Twitter, and Google have taken measures to ensure that the World Health Organization and Indian Council of Medical Research links are displayed on these sites to avoid misinformation.9 Unknown hacktivists made the public aware of around 25,000 email credentials belonging to the deputies and other staff of the world health organization.

Some top officials such as the National Institutes of Health (NIH), Gates Foundation, and others battling the coronavirus pandemic were also targeted in the same manner. The WHO published an alert in April warning the public that the hackers are posing as an agency to steal money and sensitive information from the public. The WHO is working with the private sectors to establish a more robust and vigorous internal system and also to strengthen the security measures. They are also trying to educate the staff on cyber security risks.