2020 has had no shortage of difficult headlines. The pandemic has touched our lives in unprecedented ways. It has put health at risk, business at risk, social lives on hold. The pandemic has also emboldened cyber criminals. Many are using the Covid-19 crisis to profit from malware and social engineering attacks.
An increase in cybercrime is common in any crisis. The worldwide economic crisis in 2008 led to many cyber-attacks due to company capital decreasing and individuals becoming an easy target. Covid-19 is a widespread global crisis the likes of which have not been seen for a century or more. With that, the opportunities for cyber-crime are larger than ever.
From email scams and ransomware, to fraudulent Coronavirus domains, we have gone through ten of the most unnerving facts that have surfaced amid the pandemic so far – and why you should be alert to the rising threat landscape.
Scams increased by 400% over the month of March, making Covid-19 the biggest ever security threat
Even as early as March, cyber criminals were seen to be taking full advantage of a time of crisis and a vulnerable population. According to research by ReedSmith, cyber security scams increased by 400% over the month of March.
Criminals know that the population are overwhelmed with information and not sure which is legitimate or not, so are far more likely to fall victim to malicious links or attachments. Furthermore, with subsequent lockdowns to the pandemic forcing organisations to make an unprecedented transition to remote working, scammers have realised this is an environment they can thrive in.
The number of unsecured remote desktop machines rose by more than 40%
There has been a massive increase in the number of remote desktop connections which enable staff to work from home – as you would expect with so many new remote staff. Unfortunately, because people are going from using secured office machines to home machines which generally have less stringent security features on them, security can become an issue. According to a Webroot survey, there has been over a 40% surge in unsecured machines running RDP (Remote Desktop Protocol).
The issue with using an unsecured machine to run your organisations RDP is that cyber criminals will use brute force attacks to gain complete access of that machine and therefore, a company’s network. And once they do that, big cyber security issues can occur.
Email scams related to Covid-19 surged 667% in March alone
Research from Barracuda Networks highlighted how the number of phishing scams related to Covid-19 skyrocketed in March.
These email scams worked in a similar form to the normal phishing scams, whereby cyber criminals trick their victim into clicking onto malicious links or attachments, giving their credentials or sending money. However, the difference is that in the emails they use Covid-19 to their advantage by capitalising on the fear and uncertainty generated by the pandemic.
In April, Google blocked 18 million daily malware and phishing emails related to Coronavirus
Google has seen first-hand some of the attempts cyber criminals have made to capitalise on the pandemic. For example, they say cyber criminals attempt to send individuals a variety of emails which appear to come for well-known authorities such as the World Health Organisation (WHO), in an effort to get the recipient to download malicious software or donate to fake charities. Google also say that cyber criminals are trying to take advantage of government support packages by mimicking public institutions.
Fortunately, Google have previously stated that more than 99.9% of these emails can be blocked from reaching its users through its machine-learning software. They reported blocking 18 million scam emails related to Covid-19 in April alone.
Users are now three times more likely to click on pandemic-related phishing scams
While tech giants such as Google are trying their best prevent scams reaching the inboxes of unsuspecting users, there is not much they can do if these scam emails do manage to get through. In a test performed amid the pandemic, researchers found that users are three times more likely to click on a link in a phishing scam now, than they were pre Covid.
Of course, cyber criminals get more advanced every day, and for those who are not aware of the technique’s cyber criminals use, spotting phishing scams can be especially hard.
Tens of thousands of new Coronavirus related domains are being created daily
There are currently around 5.7 billion search results for “COVID-19” on Google. Clearly, it is something on the minds of many of us, including cyber criminals.
ZDNet have been tracking the rise in Covid19 websites since the beginning of the pandemic and according to multiple reports, cyber criminals are creating tens of thousands of new Coronavirus related domains daily – and not all for the right reasons…
90% of newly created Covid-19 domains are fraudulent
According to this same research by ZDNet, 90% of these newly created Covid19 related domains are fraudulent. In fact, most of them have been found to be used to distribute malware, host phishing attacks or for financial fraud.
“While we found some legitimate sites here and there, in nine out of ten cases, we found a scam site peddling fake cures, or private sites, most likely used for malware distribution only to users with a specific referral header.”
More than 530,000 Zoom accounts are sold on the dark web
The rise in remote working resulted in an unprecedented rise in the use of video conferencing tools, many using Zoom. The platform quickly became the ‘go-to’ for users looking for a free and easily accessible way to stay connected with colleagues, friends and relatives.
Zoom has had its fair share of security issues throughout this time, with the rise of ‘Zoom bombing’, where pranksters join Zoom calls to broadcast inappropriate and shocking videos, being most prevalent. However, the site Bleeping Computer has found another security issue - according to their reports, they found more than half a million Zoom credentials for sale.
A 2000% increase in malicious files with 'Zoom' in the name
While we’re on the topic of the Zoom, research analysts at Webroot reported that they were seeing a 2000% increase in malicious files containing Zoom in the name.
“It’s not surprising to see this trend,” comments Marcus Moreno, manager of threat research at Webroot, “As with any major current event, malicious actors observe this as a lure opportunity.”
Moreno then added how he expects “to see this trend continue not only for Zoom but also for any other platform or site that has seen an increase of traffic or use as a result of this pandemic.” For example, Webroot threat research analyst Connor Madsen has reported that “adware variants have been found spoofing Microsoft’s Teams video conferencing while performing malicious activities in the background.”
Covid-19 drives 72% to 105% ransomware spike
According to the Skybox Security 2020 Vulnerability and Threat Trends Report, ransomware samples shot up 72% since the pandemic began. Other research reports have released more worrying figures though. For example, SonicWall’s 2020 Cyberthreat report saw a 105% increase.
Although the research in these reports are not necessarily Covid-19 related, the huge jump in numbers is enough for us all to be concerned. The SonicWall report does say “While it's impossible to determine causation, a strong correlation can be found in the ransomware graph and the patterns of COVID-19 infections.”
What can we learn?
Covid-19 has really bought into focus just how important it is for businesses and individuals to take cyber security seriously. Almost overnight, cyber criminals looked for ways to capitalise from the pandemic and unfortunately, were successful in their methods thus far, as you can see from the facts in this blog.
The fact of the matter is cyber-crime is still on a steep rise and it’s not going away anytime soon. Indeed, experts have warned that after the pandemic subsides, it won't get easier – if anything, it could get much worse. As a result, there has never been a better time for you to get your cyber security in check.
The entrust IT Group have substantial experience in helping businesses with their cyber security and know how important it is. We act to take away the pressures that come with protecting your business from cyber threats and want to place them onto our own shoulders so that you can focus on important projects such as surviving throughout a pandemic. Please get in touch with a member of the team on 0330 002 0045 or email enquiries@entrustit.co.uk if you think you too could benefit from our help, like so many other businesses already have.
