Researchers at Check Point Software Technologies have seen 192,000 coronavirus-related cyber-attacks per week over the past three weeks, a 30 per cent increase compared to previous weeks.
In the past three weeks, almost 20,000 new coronavirus-related domains were registered about 17 per cent of which are malicious or suspicious, Check Point said.
So far, since the beginning of the outbreak, a total of 90,284 new corona related domains have been registered globally.
The findings suggest that global response to the COVID-19 pandemic and people’s desire for the latest information about it have supercharged criminals’ and hackers’ business-as-usual models of phishing emails and fake websites.
Researchers also discovered new phishing campaigns impersonating the World Health Organization (WHO) and popular conferencing platforms, to steal sensitive information
For example, cyber criminals recently sent malicious emails posing as the WHO from the domain “who.int” with the email subject, “Urgent letter from WHO: First human COVID-19 vaccine test/result update” to lure victims.
The emails contained a file named “xerox_scan_covid-19_urgent information letter.xlxs.exe ” that contained the AgentTesla malware.
Victims who clicked on the file ended up downloading the malware.
Check Point said it also found two examples of extortion emails supposedly sent by cyber criminals impersonating the United Nations and WHO asking for funds to be sent to several known compromised bitcoin wallets.
Cyber criminals are also using fake Zoom domains for their phishing activity.
In fact, in the last three weeks alone, around 2,500 new Zoom-related domains were registered (2,449) and about 1.5 per cent of these domains are malicious (32) and other 13 per cent are suspicious (320).
Since January 2020 to date, a total of 6,576 Zoom-related domains have been registered globally.
And Zoom is not the only platform cyber criminals are impersonating — both Microsoft Teams and Google Meet have been used to lure victims too, warned the researchers.