New Delhi: Cybercriminals are using COVID-19 to carry out ransomware and phishing attacks against people, and more than 9,000 coronavirus-themed attacks were noticed in India between February 2 and May 2, according to a Microsoft executive.

"Between February 2 and May 2, we saw 9,100 total file encounters related to COVID-19 or coronavirus. This means that our detection tools actually saw malware or URLs or an attachment or phishing email that was using COVID-19 as a claim to get someone to download malware to the system or potentially give up their credentials through a phishing attack, "said Ann Johnson, corporate vice president of Microsoft Corp (cybersecurity solutions group) at a conference telephone.

About 19 million such attacks were seen in Asia, he added.

"India was actually one of the lowest countries or the only country that was lower (among) those we tracked down was Australia, so India had some pretty good controls," he said.

He noted that cybercriminals are taking advantage of the coronavirus outbreak and targeting employees with phishing and malware decoys.

"That is exacerbated by the fact that the workforces are now largely remote and under a lot of stress. They may not have been equipped in their homes to work remotely … we really believe that technology needs to help our employees, customers, employees and IT professionals to navigate this crisis … We are seeing many different pockets of attacks, "he said.

Johnson said that some ransomware attacks will start in one department of an organization. Once cybercriminals see that they can monetize that attack, they move to another department in the organization to really maximize the impact.

She said that some of these attacks will claim things like if the person clicks on the given link, they will be the first of 1,000 people to receive the new coronavirus vaccine.

"So there is this sense of urgency that bad actors tried to drive because they don't want employees to have a chance to go ask a colleague. They know that people are potentially working from home, so they can't just walk to the next cubicle or walking down the hall, they may have to call someone or send them an email, and they give this urgency around these phishing attacks that the person should respond immediately, "he said.

Johnson said these attacks target vulnerable places like health care organizations, state and local governments, and critical infrastructure.

She said companies, at times like this, need to have "digital empathy,quot; as employees work remotely, potentially outside the company's firewall.

Johnson said organizations should ensure that employees receive the necessary tools and education, and that there are lines of communication available in case they encounter any problems.

