Crashtest Security Blog

Has Corona infected your data too?

Jul 6, 2020 3:21:49 PM / by Hitesh Raja

As more and more companies insist that employees work from home during this pandemic, the overall cybersecurity of many companies is at huge risk. Can this lead to a network pandemic for companies and individuals?

 


The global pandemic has upended all norms.

 

One of the primary challenges for cybersecurity specialists is cyberspace infrastructure itself. The increasing dependence on the internet goes hand in hand with the prospect of disruption. The unprecedented increase in traffic is stressing the internet’s infrastructure. This pressure, combined with potential bottlenecks (home-office Wi-Fi, national internet exchange points, seabed cables, and cloud servers), is contributing to a huge increase in exposure to cyberattacks.

 

In the first half of the year, DDoS attacks rose 278% compared to Q1 2019 and 542% compared to H1, per Nexusguard’s Q1 2020 Threat Report. Researchers attribute the sharp rise in incidents to malicious efforts during the COVID-19 pandemic. Internet service providers (ISPs) face increasing challenges in curbing undetectable and abnormal traffic before it turns into uncontrollable reflection attacks.

 

Another challenge relates to online criminal activity. Cybercriminals are exploiting people’s fear and curiosity about the coronavirus to conduct cyberattacks. These illegal activities include phishing attacks, malware distribution, and cyberattacks against remote access or remote working infrastructure. According to CheckPoint (2020), since mid-February, coronavirus-related cyberattacks have risen from a few hundred a day to more than 5,000 a day in March.

 

PricewaterhouseCoopers discovered waves of phishing attacks targeting 50 leading Indian organizations that were putting VPNs (virtual private networks) and other infrastructure in place to help people work from home. A large number of coronavirus-themed sites are registered every day, a substantial share of which are malicious. The greater concern is that breaches are not immediately apparent. Attackers can use the coronavirus disruption to tunnel in and lie dormant with their malware while redirecting information or money until the breach is detected.

 

As has been reported across the globe, there are also state-sponsored hackers who know full well that home networks are generally not as secure as those in workplaces. Remote connections in particular make it harder for many threat detection tools to distinguish legitimate work from suspicious activity. Phishing is a form of social engineering, and the shift in working circumstances makes it easier for people to trust suspicious emails.

 

 

Weekly Coronavirus Cyber attacks

Sources: https://threatmap.checkpoint.com/

 

Zoom-like Domains Registrations Heighten

 

In the last 3 weeks, around 2,449 new Zoom-related domains were registered, of which 1.5% are malicious (32) and 13% are suspicious (320). From January 2020 to date, a total of 6,576 Zoom-like domains have been registered globally. If you do the math, this means that nearly 37% of Zoom-related domains were registered in the last 3 weeks alone, since the advent of the coronavirus pandemic.

 

Hackers Impersonate Microsoft Teams and Google Meet

 

Both Microsoft Teams and Google Meet are also being used to lure people into traps. Recently, victims fell prey to phishing emails that came with the subject “You have been added to a team in Microsoft Teams”. The emails contained a malicious URL, http://login\.microsoftonline.com-common-oauth2-eezylnrb\.medyacam\.com/common/oauth2/, and victims ended up downloading malware when they clicked on the “Open Microsoft Teams” icon that led to this URL. The actual link for Microsoft Teams is “https://teams.microsoft.com/l/team”.

 

Researchers also found fake Google Meet domains like “Googelmeets\.com”, which was first registered on April 27, 2020. The link did not lead victims to an actual Google website.
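Both lures above work only if the reader misjudges which domain actually owns the link. The following Python sketch is an added example, not code from Check Point or from this blog. It classifies a URL by its registrable domain and flags the two patterns described here: a trusted name used as a subdomain prefix, and a misspelt brand. The allowlist, brand list, similarity threshold, and the "last two labels" shortcut are assumptions.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumed allowlist of registrable domains the organisation really uses.
TRUSTED = {"microsoft.com", "microsoftonline.com", "google.com", "zoom.us"}
# Assumed brand keywords that lures tend to imitate.
BRANDS = ("microsoft", "google", "zoom")

def registrable(host):
    # Simplification: last two labels. Real code should consult the
    # Public Suffix List so that names like example.co.uk are handled.
    return ".".join(host.split(".")[-2:])

def near(brand, label, threshold=0.8):
    """True if a brand-length window of label equals or nearly equals brand."""
    n = len(brand)
    windows = (label[i:i + n] for i in range(max(1, len(label) - n + 1)))
    return any(SequenceMatcher(None, brand, w).ratio() >= threshold for w in windows)

def classify(url):
    url = url.replace("\\", "")          # the page prints URLs defanged with "\."
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower()
    reg = registrable(host)
    if reg in TRUSTED:
        return "trusted"
    subdomain = host[:len(host) - len(reg)].rstrip(".")
    if any(b in subdomain for b in BRANDS):
        return "brand-in-subdomain"      # trusted name is only a prefix label
    if any(near(b, reg.split(".")[0]) for b in BRANDS):
        return "lookalike"               # misspelt or embedded brand name
    return "unknown"

# URLs quoted in the article (strings are parsed only, never fetched),
# plus one constructed neutral example.
SAMPLES = [
    r"http://login\.microsoftonline.com-common-oauth2-eezylnrb\.medyacam\.com/common/oauth2/",
    "https://teams.microsoft.com/l/team",
    r"Googelmeets\.com",
    "https://example.org/",              # constructed
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):<20} {sample}")
```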

 

 

Coronavirus-related Domain Registrations Heighten

 

In the past three weeks, almost 20,000 (19,749) new coronavirus-related domains were registered, of which 2% are malicious (354) and another 15% are deemed suspicious (2,961).

Since the beginning of the outbreak, a total of 90,284 new coronavirus-related domains have been registered globally.

 

How to Stay Protected

 

To stay safe, Check Point outlines the following guidelines:

  1. Beware of lookalike domains. Watch for spelling errors in emails or websites, and unfamiliar email senders.
  2. Beware of unknown senders. Be cautious with files received via email from unknown senders, especially if they prompt for a certain action you would not usually do.
  3. Use authentic sources. Ensure you are ordering goods from an authentic source. One way to do this is to NOT click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.
  4. Beware of “special” offers. “An exclusive cure for coronavirus for $150” is usually not a reliable or trustworthy purchase opportunity. At this point in time, there is no cure for the coronavirus, and even if there were, it definitely would not be offered to you via email.
  5. Do not reuse passwords. Make sure you do not reuse passwords between different applications and accounts.

 

All the information is sourced from official WHO sites.

 

Topics: WebApplicationSecurity, Cybersecurity
