Cyber-threats and Cyber-security during COVID-19

Posted by Zevenet | 30 April, 2020 | Reports

We all already know that cybercriminals take advantage of human weaknesses and high-profile situations for financial gain. Hence COVID-19 outbreak has been a great breeding ground for them. In this article, we’ll analyze cyber actor patterns and major cyber-threats detected since the Coronavirus pandemic came out.

COVID-19 cyber attacks in figures

As of March 30 2020, the FBI’s Internet Crime Complaint Center (IC3) has received and reviewed more than 1,200 complaints related to COVID-19 scams. Since WHO declared a pandemic on March 11, IBM X-Force has seen an increase of more than 6,000% in COVID-19-related spam. Coronavirus-Related Spear Phishing Attacks See 667% Increase in March 2020.

Of the coronavirus-related attacks detected through March 23, 54% were scams, 34% were brand impersonation attacks, 11% were blackmail, and 1% are business email compromise.

Google is identifying more than 240 million COVID-related spam messages per day, and it had detected 18 million phishing and malware emails related to the pandemic each day. Overall, Gmail blocks more than 100 million phishing emails daily.

According to the latest Malwarebytes statistics, web skimming increased by 26 percent in March over the previous month. The second observation is how the number of web skimming blocks increased moderately from January to February (2.5%) but then started to go up from February to March (26%).

Telework threats

As teleworking has been a broad solution to maintain business continuity, some of the raised attacks are focused on telework applications like VPN (Virtual Private Networks), VOIP conference call systems, VTC (video-teleconferencing) or remote desktop services.

Due to the high peak of traffic of such services, a broad number of vendors are rushing to provide patches to solve availability and enhanced security.

Also, the lack of personal computer security or installing software from untrusted sources could be a weakness for user privacy and critical information leakages.

Education Technology Services

The fast adoption of education technology (edtech) to provide online learning and certified evaluations could be a potential target for user privacy and DDoS availability attacks.

Also, students could not be familiar with online platforms and they could fall easily into a social engineering fraud, so monitoring should be a good practice in this matter.

Healthcare and Government targets

Some of the attacks detected also targets healthcare and government information systems in order to produce collapse and confusion.

Also, there are some fraud cases due to the rushing purchase orders to obtain medical care protection of those sectors that include the loss of millions of dollars.

Email phishing attacks and scams

There are a lot of criminal activities via email during the COVID-19 outbreak. Individuals and businesses could receive informational emails apparently from legitimate WHO origins or even masquerading as government announcements, but including false information to create insecurity to the recipient either for financial gain or to gather user’s login credentials. Some of these emails could contain an offer to obtain COVID-19 vaccine which includes attachments with malware.

Business finantial department

Business email services, Customer Management Systems (CRM), and Enterprise Resource Planning services (ERP) are also highly relevant cyber-attack targets. Urgent and last-minute changes in wire transfers or recipient account information, communications only by email and refusal to communicate via phone, requests for advanced payment of services when not previously required, requests from employees to change direct deposit information, inquiries to allow the business to charge via credit card, are cases to be exploited by cybercriminals.

In addition, online stores have detected a much higher amount of brute-force attacks to enter the administration site, or even, DDoS attacks to hit the business availability.

Some ZEVENET related articles

https://www.zevenet.com/knowledge-base/howtos/how-to-load-balance-and-create-highly-available-sip-and-pbx-services/
https://www.zevenet.com/knowledge-base/howtos/how-to-create-highly-available-and-scale-blackboard-services/
https://www.zevenet.com/knowledge-base/howtos/remote-desktop-gateway-and-rd-web-high-availability-for-rds-in-windows-server-2012/
https://www.zevenet.com/knowledge-base/howtos/high-availability-and-site-resilience-for-microsoft-exchange-2016-owa-cas-array-and-dag/
https://www.zevenet.com/knowledge-base/howtos/microsoft-active-directory-federation-services-adfs-load-balancing-high-availability-and-automated-disaster-recovery/
https://www.zevenet.com/knowledge-base/howtos/howto-load-balance-eclinicalworks-high-availability/

References

https://www.webarxsecurity.com/covid-19-cyber-attacks/
https://www.ic3.gov/media/2020/200401.aspx
https://www.cisa.gov/news-events/cybersecurity-advisories

SHARE ON:

Related Blogs

Posted by zenweb | 22 September 2021
We have recently witnessed a growing number of cyber-crimes prevailing in industries worldwide. While most regulatory and governing bodies are stepping up to prevent such incidents, it is yet evident…
176 LikesComments Off on 10 Importance of Information Security Audit
Posted by zenweb | 16 April 2021
ZEVENET is a smart company focused on the Application Delivery Controller market and really obsessed with the security in the delivery, for that reason we really know that today the…
348 LikesComments Off on ZEVENET Multi-Layered Security Overview in the Edge
Posted by zenweb | 23 March 2021
The world of the internet is full of people waiting to breach into your system. They want to get a grasp of your personal information and exploit it. This might…
321 LikesComments Off on Importance of Cybersecurity for Businesses