Israeli researchers: Hackers aiming to exploit government financial aid

A major increase in malicious and suspicious domains related to relief packages have been registered in recent weeks, aiming to scam individuals into providing personal information.

By EYTAN HALON
A woman passes in front of an ATM cash machine of the BNP Paribas bank at the financial and business district of La Defense near Paris, France, February 4, 2020. (photo credit: REUTERS/BENOIT TESSIER)
A woman passes in front of an ATM cash machine of the BNP Paribas bank at the financial and business district of La Defense near Paris, France, February 4, 2020.
(photo credit: REUTERS/BENOIT TESSIER)
Hackers are exploiting the rollout of governmental financial relief to fill their pockets at the expense of businesses and affected workers, according to Israeli cyber researchers.
In recent weeks, governments have sought to ease cash-flow shortages and avoid a recession with ambitious stimulus packages and grants to households, including a massive $2 trillion economic package in the United States.  
According to researchers at Israeli cybersecurity giant Check Point, a major increase in malicious and suspicious domains related to relief packages has been registered in recent weeks. The hackers aim to scam individuals into providing personal information, thereby stealing money or committing fraud.
“To do this, they are evolving the scam and phishing techniques that they have been using successfully since the start of the pandemic in January,” the researchers wrote in a recent report.
A total of 4,305 domains relating to new stimulus or relief packages have been registered since January 1. Last month, 2,081 new domains were registered, including 38 websites that were malicious and 583 that were suspicious, the researchers said. In the first week of April, 473 domains were registered, including 18 websites identified as malicious and 73 as suspicious.
A major increase was recorded in the week starting March 16, during which the US government proposed the stimulus package to taxpayers, when the number of new domains registered was 3.5 times greater than the average of previous weeks.
“These scam websites use the news of the coronavirus (Covid-19) financial incentives and fears about coronavirus to try and trick people into using the websites or clicking on links,” the researchers said. “Users that visit these malicious domains instead of the official government websites risk having their personal information stolen and exposed or payment theft and fraud.”
Some 94% of coronavirus-related cyberattacks during the past two weeks were phishing, which attempt to trick users and collect sensitive data while appearing to be legitimate websites. Another 3% were carried out via mobile malware or malicious activity carried out on a mobile device.
Coronavirus-related attacks were defined by researchers as involving websites with “corona” or “covid” in their domain name, files with corona-related file names and files distributed by email with coronavirus-related subject lines.
A “huge increase” in the number of attacks was also identified by researchers, soaring to an average of 14,000 a day, or six times the average number of daily attacks when compared to the previous two weeks. From April 7-14 the average number of daily attacks “increased sharply” to 20,000.
Approximately 68,000 new coronavirus-related domains have been registered since the beginning of the outbreak in January, including nearly 17,000 since April 2. Of the new domains registered in recent weeks, 2% were found to be malicious and 21% were identified as suspicious.