COVID-19 Inspired Attacks Invade Threat Landscape

A recent Proofpoint report reveals that cybercriminals are currently mostly just running campaigns that are pertaining to COVID-19. 80% of all cyberattacks determined by the company are associated to COVID-19.

The new analysis was conducted on around 500,000 e-mail, 300,000 malicious hyperlinks, and above 200,000 malicious email file attachments. Proofpoint specialists found over 140 phishing and malware syndication campaigns and the cases are still increasing. The coronavirus theme covers almost all probable threats, with COVID-19 threats being performed by small players to well-known APT gangs. The email campaigns are diversified and repeatedly change. Proofpoint researchers think the varied nature of attacks will persist and attacks will very likely increase.

A Check Point report conveys the same story. In the middle of-February, Check Point saw several hundred coronavirus-associated malware attacks every day. In latter March, attacks had gone up to 2,600 per day with 5,000 attacks reported on March 28, 2020. These attacks included emails that have “COVID” or “Corona” in the subject line, email file attachment name or links to a domain or URL that contains those phrases.

In the last two weeks only, Check Point Research shows that over 30,000 domain names were bought pertaining to the COVID-19. Even though just 0.4% of the domain names were verified as malicious, 9% were suspicious, and plenty more may be employed by cybercriminals for phishing, fraud or malware distribution. The researchers observed that over 51,000 coronavirus-associated domains were bought from the middle of-January.

Cloudflare reviewed online threats and pointed out the 6-fold growth in online threats during the last month. Barracuda Networks noted a 600% growthrise in phishing attacks from the last days of February and noticedremarked a spike in impersonation tricks and business email compromise frauds.

The FBI already gave alerts regarding coronavirus and COVID-19-linked phishing scams and one more advisory was released on April 1, 2020 regarding the threat of attacks on software program and computer systems being to assist at-home personnel. Because of the growth in the number of at-home staff all through the 2019 Novel Coronavirus pandemic, a lot of people use teleconferencing and telework methods to manage communication with bosses, co-workers and clients.

Cybercriminals are trying to find vulnerabilities in virtual private network (VPN), teleconferencing and telework alternatives and so the FBI estimates greater exploitations of vulnerabilities in the coming period. These attacks are meant to steal sensitive information and pass on malware and ransomware.

Personnel at the FBI’s Internet Crime Complaint Center (IC3) assessed 1,200 issues regarding COVID-19-associated scams as of March 30, 2020. Attacks were recorded by first responders and healthcare establishments handling the COVID-19 crisis. The FBI has notified the continuation of these attacks, and it is most likely that threat actors will likewise begin targeting people doing work from home.

Meticulously consider the software you or your business uses for telework requirements, which include video conferencing application as well as voice over Internet Protocol (VOIP) conference call systems. Malicious cyber criminals are seeking tactics to exploit telework software vulnerabilities so as to get sensitive data, spy on conference calls or virtual conferences, or do other malicious activities.

Echoing the researches of Barracuda Networks, the FBI has given notice regarding BEC scams after getting a number of complaints from organizations that cybercriminals are doing BEC attacks asking for early payments because of COVID-19. There were likewise efforts made to modify direct deposit data for personnel to reroute payroll.

A lot of organizations have been pushed into acquiring new portable devices to make it possible for their personnel to work from home. The FBI alerts that these devices bring a risk of pre-installed malware, that could very easily be sent to business networks when personnel connects wirelessly.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone