Covid-19 Is Working Well For Criminals

The coronavirus pandemic have fuelled a disturbing rise in the number of cyber-attacks. As COVID-19 pushes the legitiamte economy towards recession, the cyber crime economy appears to be surging.  Furthermore, the impact of the virus has rapidly reshaped the way business is being done on the dark web, as buyers and sellers jump on the opportunity to profit from a significant chane in supply and demand.

Some criminals on the Dark Web seem to be  changing their behavior to take advantage of the special opportunities that see before them. 

Check Point Research has published a report about cyber attacks which specifically use the coronavirus pandemic. Three weeks prior to 12 May, the company recorded 192,000 coronavirus-related cyber-attacks every week, a significant 30% increase over previous weeks. During April-May 20,000 new coronavirus-related domains appeared on the Internet, and 17% of these were malicious and or suspicious.

The scale of the problem is so unprecedented that international organisations like Interpol and the World Health Organisation (WHO) have been releasing regular alerts and bulletins for the general public on covid-19 cyber-threats. Recently, Interpol’s cybercrime programme released a report, Global Landscape On Covid19 Cyberthreats, which identifies the latest modes and threats. Online scams, phishing and disruptive malware, which includes the dreaded ransomware, are the prominent modes of attack

  • “Business Email Compromise (BEC) has become the scheme of choice, involving the spoofing of supplier and client email addresses—or use of nearly identical email addresses—to conduct attacks," Interpol says. Hashtags like #WashYourCyberHands have been trending ever since to keep users up to date about the scams evolving every second.
  • Video-conferencing apps are being impersonated while platforms like Microsoft Teams and Google Meet have also been used to attract potential victims. Recently, people fell prey to phishing emails that came with the subject. “You have been added to a team in Microsoft Teams", the Check Point Research report notes. Clicking on the URL that accompanied this email would install malware on a user’s system, compromising its security. 
  • The WHO itself has been used as a decoy with receiving emails, supposedly from WHO, offering information on safety measures to avoid infection. Some users have even opened emails that claim to be a request to donate to WHO’s COVID-19 Solidarity Response Fund. The fund does exist but WHO would never mail you from, say, a Gmail account, as was the case in this instance.

The scams are not exclusivley aimed at individual users and numerous banks, real estate companies and other institutions too have been sending out SMSes and emails, asking customers to look out for suspicious calls or emails.  Phishing and other forms of cyber attacks are here to stay and next time you get an unsolicited email or a promotion campaign that looks too good to be true, think carefully before you click on it.

CheckPoint:       LiveMint:      SC Magazine:       Financial Times

You Might Also Read: 

Half Of Lockdown Remote Workers Ignore Cyber Security:

 

« Chinese Hackers Attacked EasyJet
Artificial Intelligence Takes Microsoft Jobs »

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Tenable Network Security

Tenable Network Security

Tenable Network Security - Don't rely only on CVSS to prioritize. Use machine learning to predict what is most likely to be exploited.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

WEBINAR: How to improve threat detection and hunting in the AWS Cloud

WEBINAR: How to improve threat detection and hunting in the AWS Cloud

Thursday, August 20, 2020 - Join SANS and AWS Marketplace to learn the exercise of applying MITRE’s ATT&CK Matrix to the AWS Cloud and how to enhance threat detection and hunting in an AWS environment

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Securious

Securious

Securious has been implementing trusted network security and data protection solutions since 2007.

CyberArk Software (UK) Limited

CyberArk Software (UK) Limited

CyberArk provide secure sharing and storage solutions for sensitive data including password vaults and repositories.

GovCERT.ch

GovCERT.ch

Computer Emergency Response Team of the Swiss Government.

RATEL (SRB-CERT)

RATEL (SRB-CERT)

RATEL has been appointed as the National Center for the Prevention of Security Risks in ICT systems of the Republic of Serbia (SRB-CERT).

OutThink

OutThink

OutThink is a web-based platform (SaaS) that has been developed specifically to identify and reduce risky workforce behaviours and build a risk aware culture.

3Elos

3Elos

3Elos operates in the Information Technology market with a focus on research, development, consulting, marketing and implementation of Information Security solutions.

ICS-CSR

ICS-CSR

ICS-CSR is a research conference bringing together researchers with an interest in the security of industrial control systems.

SOSA

SOSA

SOSA facilitates new growth opportunities by connecting the dots between industry verticals and innovation ecosystems around the world.