Researchers at Check Point continue to see a dramatic rise in the number of coronavirus-related cyber attacks. In the past 2 weeks alone, the number of coronavirus-related cyber attacks has increased significantly, from a few hundred to over 5,000 on March 28. On average, over 2,600 coronavirus-related cyber attacks occur each day. Although coronavirus-related cyber attacks have risen sharply, the overall number of cyber threat activities in organizational networks worldwide has dropped monthly by 17% between January and March 2020.
Check Point leveraged its threat intelligence engine, Threat Cloud, to surface these numbers. Further examination has led to some additional insight:
- 84% of the events were triggered by phishing websites
- ~2% of the events involved the victim accessing the malicious website using his/her mobile device
Defining Coronavirus-related Cyber Attacks
Check Point defines coronavirus-related attacks as those that involve:
- Websites with “corona”/“covid” in their domain
- Files with “corona”-related file names
- Files distributed in emails with coronavirus-related subject lines
Coronavirus-related Domain Registrations Soar
In the past two weeks, more than 30,103 new coronavirus-related domains were registered, of which 131 are malicious and 2,777 are suspicious and under investigation. This means that, in total, over 51,000 coronavirus-related domains have been registered since January 2020, the relative start of the coronavirus pandemic.
Netflix Phishing Attacks Double
Check Point Research sees a 2x growth in the number of phishing attacks by websites posing as Netflix. Most of these sites were registered in recent months, including domains that use the virus’ official name given by the World Health Organization (netflixcovid19s.com). Some of these websites offer payment options, in an attempt to fraudulently extract user details and payment credentials.
Omer Dembinsky, Data Manager of Threat Intelligence at Check Point:
“The significant incline in coronavirus-related cyber attacks is in correlation with the devastating news about the situation in the US and EU. As the number of physical casualties increases, so does the number of cyber attacks relating to the virus. We can expect this trend to continue in the near-term,” says Omer Dembinsky, Data Manager of Threat Intelligence at Check Point. “Clearly, hackers are shifting their resources away from targeting businesses, as most of us are now working from home, and towards activities that can reach us directly in our homes, such as Zoom and Netflix, which we have recently conducted research on. It will be important for us all to exercise good cyber hygiene, and to be extra cautious when receiving documents or links.”
Suspicious “Zoom” Domains and Files Surge Last Week
Recently, Check Point Research saw a spike in the number of “Zoom” domains registered and spotted malicious “Zoom” files targeting people working from home. Over 1,700 new “Zoom” domains have been registered since the advent of the coronavirus pandemic, 25% of which were registered in the past week.
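An added example, not Check Point's code or methodology: a minimal triage pass over newly registered hostnames that applies the report's “corona”/“covid” domain criterion plus a brand-impersonation check for the Netflix and Zoom cases. The allowlist of official domains, the digit-substitution map and the tag names are assumptions; substring hits are candidates for review, not verdicts.

```python
import re

# Assumptions of this sketch (not from the report): the official-domain
# allowlist, the digit-for-letter map, and the tag names.
THEMES = ("corona", "covid")
BRANDS = {"netflix": {"netflix.com"}, "zoom": {"zoom.us", "zoom.com"}}
DIGIT_SWAPS = str.maketrans("01345", "oieas")


def registered_domain(host):
    """Naive eTLD+1 (last two labels); real use needs the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def triage(host):
    """Return a sorted list of review tags for one hostname (empty = no match)."""
    host = host.lower().strip().rstrip(".")
    # Undo common digit substitutions and drop separators so that
    # "c0vid-19" and "covid19" both normalise to text containing "covid".
    flat = re.sub(r"[^a-z]", "", host.translate(DIGIT_SWAPS))
    tags = {f"theme:{t}" for t in THEMES if t in flat}
    for brand, official in BRANDS.items():
        # Brand name anywhere in the host, but the registrable domain is not
        # one the brand owns: covers "netflixcovid19s.com" as well as a brand
        # name placed in a subdomain of an unrelated domain.
        if brand in flat and registered_domain(host) not in official:
            tags.add(f"brand:{brand}")
    if any(label.startswith("xn--") for label in host.split(".")):
        tags.add("idn-label")  # punycode label: review the decoded form by hand
    return sorted(tags)


# Constructed sample feed of newly registered hostnames; only the first
# entry appears in the report, the rest are made up for illustration.
SAMPLE = [
    "netflixcovid19s.com",
    "www.netflix.com",
    "zoom.us.c0vid-meeting.example",
    "coronado-hotel.example",  # benign-looking hit: why tags are not verdicts
    "xn--80ak6aa92e.example",
]

if __name__ == "__main__":
    for h in SAMPLE:
        print(f"{h:32} {triage(h) or 'no match'}")
```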
In January 2020, Check Point published a research report proving that Zoom had a security flaw. The research showed how a hacker could eavesdrop on Zoom calls by generating and guessing random numbers allocated to Zoom conference URLs. Consequently, Zoom was forced to fix the flaw and change some of its security features, such as requiring that scheduled meetings be automatically protected by a password. The same researchers who conducted the study published general Zoom Safety Guidelines for folks working from home.
How to Stay Protected
Check Point's recommendations for safe online behavior are:
- Beware of lookalike domains. Watch for spelling errors in emails or websites, and unfamiliar email senders.
- Be cautious of unknown senders. Watch for files received via email from unknown senders, especially if they prompt for a certain action you would not usually do.
- Use authentic sources. Ensure you are ordering goods from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.
- Beware of “special” offers. “An exclusive cure for Coronavirus for $150” is usually not a reliable or trustworthy purchase opportunity. At this point in time there is no cure for the coronavirus, and even if there were, it definitely would not be offered to you via an email.
- Do not reuse passwords. Make sure you do not reuse passwords between different applications and accounts.
- Enact an end-to-end cyber architecture. Organizations should prevent zero-day attacks with an end-to-end cyber architecture, to block deceptive phishing sites and provide alerts on password reuse in real time.