High levels of COVID-19 based cyber attacks seen in March but overall levels are down
- Published: Thursday, 02 April 2020 08:21
Researchers at Check Point continue to see a dramatic rise in the number of COVID-19-related cyber attacks. In the past two weeks alone, the number of COVID-19-related cyber attacks have increased significantly from a few hundred to as high as over 5,000 on March 28th. On average, over 2,600 COVID-19-related cyber attacks occur each day. Although the number of COVID-19-related cyber attacks has seen a sharp rise, the overall number of cyber threat activities in organizational networks worldwide has dropped monthly by 17 percent between January and March 2020.
In the past two weeks, more than 30,103 new COVID-19-related domains were registered, of which 131 are malicious and 2,777 are suspicious and under investigation. This means that, in total, over 51,000 coronavirus-related domains have been registered since January 2020.
Omer Dembinsky, Data Manager of Threat Intelligence at Check Point said: “Clearly, hackers are shifting their resources away from targeting businesses, as most of us are now working from home, and towards activities that can reach us directly in our homes, such as Zoom and Netflix, which we have recently conducted research on. It will be important for us all to exercise good cyber hygiene, and to be extra cautious when receiving documents or links.”
Recently, Check Point Research saw a spike in the number of ‘Zoom’ domains registered and spotted malicious ‘Zoom’ files targeting people working from home. Over 1700 new ‘Zoom’ domains have been registered since the start of the pandemic, 25 percent of which were registered in the past week.
In January 2020, Check Point published a research report proving that Zoom had a security flaw. The research showed how a hacker could eavesdrop into Zoom calls by generating and guessing random numbers allocated to Zoom conference URLs. Consequently, Zoom was forced to fix the security breach and change some of its security features, such as mandating scheduled meetings to automatically be protected by a password.
How to stay safe
Check Point recommends the following:
- Beware of lookalike domains. Watch for spelling errors in emails or websites, and unfamiliar email senders.
- Be cautious of unknown senders. Watch for files received via email from unknown senders, especially if they prompt for a certain action you would not usually do.
- Use authentic sources. Ensure you are ordering goods from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.
- Beware of ‘special’ offers. If an offer seems too good to be true it very probably is!
- Do not reuse passwords. Make sure you do not reuse passwords between different applications and accounts.
- Enact an end-to-end cyber architecture. Organizations should prevent zero-day attacks with an end-to-end cyber architecture, to block deceptive phishing sites and provide alerts on password reuse in real time.