How Cybercriminals Take Advantage Of COVID-19

18.05.2020

- David Goldstein -

192,000 cyberattacks and millions of phishing emails per week plus 90,000 domains as cybercriminals take advantage of COVID-19 pandemic. In the three weeks to 1 May, there were almost 20,000 new coronavirus-related domain names registered with one in six (17%) malicious or suspicious according to the latest update provided by Check Point Software Technologies this week.

COVID-19 fraud is the new trend

There has been a number of organisations including Interpol and Europol warning of fraud related to COVID-19. And it’s not just domain names. Email remains a favourite for criminals with The Verge reporting in mid-April that in one week Google saw more than 18 million daily malware and phishing emails related to COVID-19 scams were sent via Gmail alone plus 240 million daily COVID-19 related spam messages.

With domain names, it’s not just COVID-19 and coronavirus, it’s also everyone’s new favourite the video conferencing software Zoom, which has seen a boom in the current pandemic as people are forced to stay at home. In the three weeks prior to their latest report, which appears to be the three weeks to 1 May, there were around 2,500 new Zoom-related domain names registered (2,449) according to Check Point. 1.5% of these domains were malicious (32) and another 13% suspicious (320). Since January 2020 they report a total of 6,576 Zoom-related domains have been registered globally. And Zoom isn’t the only platform cybercriminals are impersonating – Check Point found both Microsoft Teams and Google Meet have been used to lure victims too.

COVID-19 registrations in four phases

For coronavirus and COVID-19-related domain names, there have been a number of findings by Check Point including 192,000 coronavirus-related cyberattacks per week, a 30% increase compared to the previous weeks. These involve domain names and files with “covid” or “corona” in their names.

When it comes specifically to domain names, since mid-February Check Point has seen an escalation in the number of coronavirus-related domains being registered. In the previous three weeks there were almost 20,000 (19,749) new coronavirus-related domains registered with 2% of these malicious (354) and another 15% suspicious (2,961).

Since the beginning of the outbreak, a total of 90,284 new corona-related domains have been registered globally.

As the pandemic has evolved around the world, Check Point has observed changes in the domain names being used by cybercriminals. The four stages were:

• at the beginning of the outbreak, domains relating to live maps (tracking geographic areas that saw a rise in coronavirus cases) were very common, as well as domains related to coronavirus symptoms
• towards the end of March, the focus turned to relief packages and stimulus payments due to the economic plans executed by several countries.
• since several countries have started easing restrictions and begun planning the return to normal life, domains related to life after the coronavirus have become more common, as well as domains about a possible second wave of the virus
• along the entire pandemic timeframe, domains related to tests kits and vaccines remain very common, with slight increases as time goes on.

Five tips for being protected from phishing attacks

1. beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders
2. be cautious with files received via email from unknown senders, especially if they prompt for a certain action you would not usually do
3. ensure you are ordering goods from an authentic source such as NOT clicking on promotional links in emails, and instead, search for your desired retailer and click on the link in the search results page
4. beware of “special” offers
5. make sure you do not reuse passwords between different applications and accounts.