Phished accounts sent malware in September
Indian Computer response team (CERT-In) has seen a campaign of phishing scams targeting users of the NCIs email service for Government of India (email.gov.in).
CERT-In is part of the Ministry of Electronics and Information Technology Government of India.
It stated the campaign involves fraudulent websites spoofing (email.gov.in) homepages, and involved emails pretending to be from NCI asking users to “verify” their account or other such pretexts.
According to CERT-In the email contains a link to one of the spoofed websites which steal user’s login credentials.
“It has been observed that successfully phished email accounts are then used to send malware-containing emails to other sensitive Government organisations and users,” stated CERT-In. “These mails contain topical and context-aware content to lure the target into opening malicious attachment.”
This can potentially infect the system if the email attachments are opened. And the malware can create persistence inside the targeted organisation’s network and could be “used for various malicious activities such as stealing sensitive data”.
In late August the Crowdstrike Asia Pacific and Japan State of Cyber Security report found despite one third of businesses transitioning to remote databases and cloud storage due to COVID-19, more than half have not updated their security systems to reflect the change.