As the coronavirus pandemic intensifies its grip around the world, it may be difficult for people who constantly seek new information about it online to recognize that cyber-attackers have no compunctions about exploiting popular fear and uncertainty for their own benefit. Two recent reports indicate that malicious actors are actively exploiting people’s concerns about coronavirus to infect computers with malicious code.
On March 5, software firm Check Point reported that since January 2020, there have been more than 4,000 coronavirus-related domains registered globally. For example, according to Check Point data, weekly coronavirus-related domain registrations rose rapidly from approximately 100 as of January 13 to nearly 1,000 as of January 27 and nearly 1,000 as of February 10. Of those 4,000 registered domains, Check Point found 3 percent to be malicious and an additional 5 percent to be suspicious. Check Point also concluded that coronavirus-related domains are 50 percent more likely to be malicious “than other domains registered at the same period, and also higher than recent seasonal themes such as Valentine’s day.”
In addition, Check Point reported that “a widespread targeted coronavirus themed phishing campaign was recently spotted targeting Italian organizations.” That campaign reached 10 percent of all organizations in Italy “with the aim of exploiting concerns over the growing cluster of infections in the country.”
On March 11, The Next Web reported that a security researcher at Reason Labs found that hackers are exploiting organizations that have created dashboards to track the spread of coronavirus “to inject malware into computers” and steal users’ information, such as user names, passwords, and credit card numbers stored in users’ browsers. The researcher found that hackers are designing websites that “pose as genuine maps for tracking coronavirus, but have a different URL or different details from the original source.”
Note: As more and more employees are working from home during the pandemic, they are likely to be using their computers for extended periods for both work and personal purposes. For that reason, information-security officers in all types of organizations should bring these reports to the attention of all corporate employees, and provide the following directions:
- Do not use your work computers to search for information about coronavirus developments. Even a single point of entry for a cyber-attacker can potentially result in compromise of an entire network.
- When you use your personal computer to seek out coronavirus information, do not click on every site that purports to offer virus-tracking or -reporting information, as “lookalike” domains are highly likely to be malicious. Instead, use only dashboards that you have verified come from the actual organizations presenting those dashboards.
- Ignore any websites, emails, posts, or texts that promise information about coronavirus “cures” or vaccines – there are none, according to the Centers for Disease Control and Prevention.
- If you see purportedly coronavirus-related emails, websites, or domains that appear suspicious, do not click on any of those links, but report them to a designated email address in your organization for reporting spam and fraudulent emails.