There has been a sharp increase in the number of COVID-19 themed cyberattacks in the past two weeks according to Check Point. Check Point has been tracking phishing attacks and other cybersecurity incidents and identified 192,000 COVID-19 themed attacks in the past two weeks.
Most of the cyberattacks were phishing attacks where authorities on SARS-CoV-2 such as the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC) were spoofed. The emails used in the campaigns claim to offer up to date information on various aspects of the virus and the COVID-19 response. In one campaign, WHO was impersonated and the emails claimed to provide the latest information on the first human trials of a vaccine; however, opening the email attachment would trigger the download of keylogging malware.
Even though some domain registrars are taking steps to limit the sale of COVID-19 and coronavirus-themed domains, large numbers of new domains are still being registered and are being used in phishing campaigns. Check Point detected around 20,000 newly registered COVID-19 or coronavirus-themed domains in the past three weeks, which accounts for 22% of the total that have been registered since the start of the outbreak. 2% of those domains were confirmed to be malicious and 15% were deemed suspicious.
In addition to those domains, there has been a marked increase in the registration of domains related to the teleconferencing platform Zoom. Check Point reports that 2,449 new domains featuring the word Zoom have been registered in the past three weeks which is more than one third (37%) of the total number of Zoom-related domains that have been registered since the start of the outbreak. 1.5% of those domains were confirmed as malicious and 13% were suspicious. The large increase in domain registrations indicates there could be an increase in Zoom-related phishing campaigns in the near future.
While these new domain registrations and the large increase in COVID-19 themed cyberattacks have increased, there Is no indication that cybercriminal activity has increased significantly since the start of the outbreak. What appears to be happening is cybercriminal organizations have simply changed tactics and have stopped other campaigns to concentrate on COVID-19 themed campaigns as they have a greater chance of success.