Cybercriminals take advantage of human weaknesses and high-profile situations for financial gain, so the COVID-19 outbreak has been a great breeding ground for them. In this article, we'll analyze cyber actor patterns and the major cyber-threats detected since the coronavirus pandemic began.
COVID-19 cyber attacks in figures
As of March 30, 2020, the FBI's Internet Crime Complaint Center (IC3) had received and reviewed more than 1,200 complaints related to COVID-19 scams. Since WHO declared a pandemic on March 11, IBM X-Force has seen an increase of more than 6,000% in COVID-19-related spam. Coronavirus-related spear phishing attacks saw a 667% increase in March 2020.
Of the coronavirus-related attacks detected through March 23, 54% were scams, 34% were brand impersonation attacks, 11% were blackmail, and 1% were business email compromise.
Google is identifying more than 240 million COVID-related spam messages per day, and it has detected 18 million phishing and malware emails related to the pandemic each day. Overall, Gmail blocks more than 100 million phishing emails daily.
According to the latest Malwarebytes statistics, web skimming increased by 26 percent in March over the previous month. A second observation is that the number of web skimming blocks increased moderately from January to February (2.5%) but then started to go up from February to March (26%).
Telework threats
Because teleworking has been widely adopted to maintain business continuity, some of the attacks detected focus on telework applications such as VPNs (virtual private networks), VoIP conference call systems, VTC (video teleconferencing) or remote desktop services.
Because of the traffic peaks on such services, many vendors are rushing to provide patches that address availability and improve security.
In addition, weak security on personal computers or software installed from untrusted sources can put user privacy at risk and lead to leaks of critical information.
Education Technology Services
The fast adoption of education technology (edtech) to provide online learning and certified evaluations makes these platforms a potential target for attacks on user privacy and for DDoS attacks on availability.
Students may also be unfamiliar with online platforms and could easily fall for social engineering fraud, so monitoring is a good practice here.
Healthcare and Government targets
Some of the attacks detected also target healthcare and government information systems in order to cause collapse and confusion.
There have also been fraud cases, tied to rushed purchase orders for medical protective supplies in those sectors, that involved the loss of millions of dollars.
Email phishing attacks and scams
There has been a lot of criminal activity via email during the COVID-19 outbreak. Individuals and businesses may receive informational emails that appear to come from legitimate WHO sources, or that masquerade as government announcements, but that contain false information intended to unsettle the recipient, either for financial gain or to harvest the user's login credentials. Some of these emails contain an offer to obtain a COVID-19 vaccine and include attachments carrying malware.
Business financial department
Business email services, Customer Management Systems (CRM), and Enterprise Resource Planning services (ERP) are also highly relevant cyber-attack targets. Urgent and last-minute changes in wire transfers or recipient account information, communications only by email and refusal to communicate via phone, requests for advanced payment of services when not previously required, requests from employees to change direct deposit information, and inquiries to allow the business to charge via credit card are all cases that cybercriminals can exploit.
In addition, online stores have detected a much higher number of brute-force attacks against their administration sites, and even DDoS attacks aimed at business availability.
Some Relianoid related articles
https://www.relianoid.com/knowledge-base/howtos/how-to-load-balance-and-create-highly-available-sip-and-pbx-services/
https://www.relianoid.com/knowledge-base/howtos/how-to-create-highly-available-and-scale-blackboard-services/
https://www.relianoid.com/knowledge-base/howtos/remote-desktop-gateway-and-rd-web-high-availability-for-rds-in-windows-server-2012/
https://www.relianoid.com/knowledge-base/howtos/high-availability-and-site-resilience-for-microsoft-exchange-2016-owa-cas-array-and-dag/
https://www.relianoid.com/knowledge-base/howtos/microsoft-active-directory-federation-services-adfs-load-balancing-high-availability-and-automated-disaster-recovery/
https://www.relianoid.com/knowledge-base/howtos/howto-load-balance-eclinicalworks-high-availability/
References
https://www.webarxsecurity.com/covid-19-cyber-attacks/
https://www.ic3.gov/media/2020/200401.aspx
https://www.cisa.gov/news-events/cybersecurity-advisories