True North Networks Blog
Malicious domains, phishing and malware distribution remain rampant during the coronavirus outbreak
New research suggests coronavirus-related cybercrime still dominates the present threat landscape - and could even be accelerating.
According to a new report from cybersecurity researchers at Check Point, the number of coronavirus-related cyberattacks has reached 192,000 per week – a jump of almost a third (30 percent) over the previous two weeks.
Most attacks begin with a phishing email, in which the hacker impersonates the World Health Organisation, United Nations or another similar institution.
These emails might claim to hold the latest information relating to the ongoing pandemic, but instead contain various forms of malware, such as the Agent Tesla password-stealer.
If cybercriminals are not sending out malicious emails, then they are likely creating fake Zoom domains. In the last three weeks, Check Point discovered around 2,449 new Zoom-related domains, 1.5 percent of which were classified as malicious and 13 percent considered “suspicious”.
Since January 2020, a total of 6,576 Zoom-related domains have been registered across the globe, which means more than a third (37 percent) of all Zoom-related domains were registered in the last three weeks alone.
Check Point also analysed the shifts in cybercriminal tactics in recent weeks, as the world adapts and responds to the coronavirus.
At first, hackers attached malware to informative resources such as transmission maps. Then, at the end of March, cybercriminals shifted their focus towards relief packages and stimulus payments.
Now, as the world eases into the “new normal”, hackers have begun creating domains related to life after the coronavirus, as well as linked with information surrounding a possible second wave of infections.