The year 2020 has not been a great start for the world and the pandemic novel virus shares much of the blame. It seems just like yesterday when coronavirus was traced from a fish market at Wuhan in January 2020 and led to the city’s lockdown. Gradually, this virus imprinted its roots all over the globe and shortly all countries had to submit before it.
This virus has impacted our daily lives, the global economy, and challenged our everyday practices. From changing how people interact daily to shifting work from office to home, coronavirus has urged us to prioritize safety in every walk of life. With the measures taken to work and interact online, there is an immediate concern demanding attention during this crucial time; cybersecurity. It is a fact that cyberattacks target the increased reliance on digital tools, and with the current situation across the globe, they avail the opportunity more than ever before.
Multiple sophisticated phishing email campaigns have been reported since Corona’s outbreak, which are designed to lure people into clicking and opening malicious attachments. These Malicious campaigns are a global cybersecurity concern, deploying heinous malware and ransomware on target machines. Successful phishing attacks can lead to damage to an organization’s integrity, confidentiality and availability, as they are aimed at information theft, data exfiltration and financial frauds.
With the word “covid” or “corona,” about 20,387 unique subject lines were observed in the past week that originated from 14,232 unique email sending domains and 20,337 unique SMTP IP addresses.
Reportedly, about 1,558 emails sent malicious executable files for windows with the following top subject lines:
Moreover, these emails were generated globally, from many countries, as the stats below reveal:
Considering the global alarming situation, cyber attackers also decided to fuse social engineering into their attempts. With the growing people concerns, hackers hit right on the nail by floating phishing emails. More than 100,000 phishing emails have been detected in the past week alone, most of which use the following subject lines:
The scarcity of N95 respirator masks helped these attackers to urge recipients’ response with the following subject lines:
Pushing the phishing scheme further, hackers also distributed emails which people desperate for some good news are likely to click:
There are thousands of new coronavirus themed domains exploding amidst the pandemic. Approximately, 17,774 newly created domains and 18,667 hosts registered in the past week contain COVID-19, COVID19, or coronavirus in their names.
Some of these domains are legitimate, but most of these are used for online financial fraud, distribution of malware-laced files, and to host phishing attacks.
Some of the blacklisted domains are listed below:
While organizations need to safeguard their digital equipment from cyber-attacks originated from fake domains and hosts, mobile apps are also being leveraged by cyber criminals to steal sensitive data and compromise their target’s confidentiality. With the on-going remote work fiasco, mobile phones are a critical asset for key communications between officials of an organization and need to be safeguarded with equal vigilance. Below are the stats for Corona-related mobile apps launched in the past week. While some of these may be legitimate, most of these apps leverage the hot topic to feed the attackers’ malicious intention of capitalizing upon the virus.
As coronavirus is rapidly making its way around the globe, the world is becoming more and more entranced with the subject. This provides cyber attackers with potential opportunities to compromise devices and sensitive data by tricking users into downloading malware.
In such a scenario, the following preventive measures must be abided by: