Israeli researchers warn of 'escalation' in coronavirus cyber attacks

Hackers have embraced the soaring popularity of Netflix as part of their web-based fraud schemes. We have to "exercise good cyber hygiene, and be extra cautious when receiving documents and links."

A man types into a keyboard during the Def Con hacker convention in Las Vegas, Nevada, U.S. (photo credit: REUTERS/STEVE MARCUS)
A man types into a keyboard during the Def Con hacker convention in Las Vegas, Nevada, U.S.
(photo credit: REUTERS/STEVE MARCUS)
Researchers at Israeli cybersecurity giant Check Point have identified a dramatic escalation in the number of coronavirus-related cyberattacks. The overall number of cyberattacks have dropped, they said.
Between January and March, Check Point’s ThreatCloud intelligence engine found a 17% monthly decline in cyberattacks on organizational networks worldwide.
Since mid-February, coronavirus-related cyberattacks have soared, the researchers said. During the past two weeks, the number of daily attacks has increased from a few hundred to more than 5,000 on March 28. The average is now more than 2,600 attacks daily, it said.
Coronavirus-related attacks were defined as those involving websites with “corona” or “covid” in their domain name, files with coronavirus-related file names and files distributed in emails with coronavirus-related subject lines.
Some 84% of attacks were triggered by phishing websites, which attempt to trick users and collect sensitive data while appearing to be legitimate websites. About 2% of attacks involved victims accessing the malicious website using a mobile device.
More than 30,100 new coronavirus-related domains were registered over the past two weeks, of which 0.4% (131) were confirmed as malicious and a further 9% (2,777) were deemed suspicious, Check Point said. More than 51,000 coronavirus-related domains have been registered since January 2020.

Graph of escalating coronavirus-related cyber attacks (Credit: Check Point)Graph of escalating coronavirus-related cyber attacks (Credit: Check Point)
“The significant incline in coronavirus-related cyberattacks is in correlation with the devastating news about the situation in the United States and European Union,” Threat Intelligence data manager Omer Dembinsky said.
“As the number of physical casualties increases, so does the number of cyberattacks relating to the virus,” he said. “We can expect this trend to continue in the near term.”
As individuals are ordered to stay home and the Netflix streaming service enjoys increased subscriber growth as a result, hackers have embraced the brand as part of their Web-based fraud schemes.
The number of phishing attacks by domains posing as Netflix websites has doubled in recent weeks, Check Point said. Some fraudulent websites offer payment options in an effort to obtain user details and financial information.
“Clearly, hackers are shifting their resources away from targeting businesses, as most of us are now working from home, and toward activities that can reach us directly in our homes, such as Zoom and Netflix, which we have recently conducted research on,” Dembinsky said. “It will be important for us all to exercise good cyber hygiene and to be extra cautious when receiving documents or links.”
To avoid falling victim to attempted scams, users should be suspect of lookalike domains and unfamiliar email senders, be cautious with files received via email from unknown senders, only order goods from authentic sources, be suspect of special offers and not reuse passwords for different applications and accounts, the Check Point researchers said.