2019 Novel Coronavirus and COVID-19 Themed Attacks Dominate Threat Landscape
Cybercriminals are now almost exclusively conducting 2019 Novel Coronavirus and COVID-19 themed-campaigns according to a new report published by Proofpoint. 80% of all threats identified by the firm are coronavirus or COVID-19 related.
The recent analysis was performed on more than half a million email messages, 300,000 malicious URLs, and over 200,000 malicious email attachments. Proofpoint researchers identified more than 140 phishing and malware distribution campaigns and report that the number of active campaigns continues to rise. The coronavirus theme spans virtually every possible threat, with COVID-19 campaigns being conducted by small players to the most prolific APT groups. The email campaigns are diverse and frequently change and Proofpoint researchers believe the diverse nature of attacks will continue and attacks will likely increase.
A report from Check Point tells a similar story. In mid-February, Check Point was seeing a few hundred coronavirus-themed malware attacks a day, but by late March the average number of attacks had increased to 2,600 a day with 5,000 attacks taking place on March 28, 2020. These attacks involved emails with “Corona” or “COVID” in the email subject line, name of an email attachment, or linked to domain or URL containing those words.
In the past two weeks alone, Check Point Research reports there have been more than 30,000 domain names purchased related to the coronavirus or COVID-19. While only 0.4% of those domains have been confirmed as malicious, 9% were suspicious, and many more could be used by cybercriminals in the near future for phishing, malware distribution, or fraud. The researchers note that there have been more than 51,000 coronavirus-related domains registered since mid-January.
An analysis of online threats by Cloudflare revealed there has been a 6-fold increase in online threats over the past month, with hacking and phishing attacks up 37% month-over-month. Barracuda Networks reports there has been a 600% increase in phishing attacks since the end of February and notes a rise in impersonation scams and business email compromise scams.
The FBI has already issued warnings about coronavirus and COVID-19-themed phishing scams and a further alert was issued on April 1, 2020 warning of the threat of attacks on software and computer systems being used to support at-home workers. The increase in the number of at-home workers during the 2019 Novel Coronavirus pandemic has seen many turn to teleconferencing and telework solutions to maintain contact with employers, colleagues and customers.
Cybercriminals are searching for exploitable vulnerabilities in virtual private network (VPN), telework, and teleconferencing solutions and the FBI anticipates increased exploits of vulnerabilities over the coming weeks. These attacks are being conducted to steal sensitive data and spread malware and ransomware.
1,200 complaints about COVID-19-related scams have been received and reviewed by staff at the FBI’s Internet Crime Complaint Center (IC3) as of March 30, 2020, and attacks have been reported on first responders and medical facilities tackling the COVID-19 crisis. The FBI has warned that these attacks will continue, and it is likely these threat actors will also start targeting individuals working from home.
“Carefully consider the applications you or your organization uses for telework applications, including video conferencing software and voice over Internet Protocol (VOIP) conference call systems,” warned the FBI in its April 1 alert. “Malicious cyber actors are looking for ways to exploit telework software vulnerabilities in order to obtain sensitive information, eavesdrop on conference calls or virtual meetings, or conduct other malicious activities.
Echoing the findings of Barracuda Networks, the FBI has warned about BEC scams following several complaints from businesses that cybercriminals are conducting BEC attacks requesting payments be made early due to COVID-19. These scams see new account details provided for payments and changes to regular communication methods. Attempts are also being made to change direct deposit information for employees to divert payroll.
Many businesses have been forced into buying new portable devices to allow their employees to work from home, including purchasing devices from overseas or secondhand devices. The FBI warns that these devices carry a risk of having malware pre-installed, which could easily be transferred to business networks when employees connect remotely.