Research conducted by Check Point has revealed a 30% increase in coronavirus-related cyber attacks compared to previous weeks.
Cybersecurity researchers found that most of these attacks start with phishing emails in which criminals often impersonate the World Health Organisation (WHO), United Nations or Zoom to trick users into clicking on links or opening infected documents.
The WHO name and logo are popular choices, with cybercriminals sending malicious emails posing as the organisation from the domain “who.int” with the email subject “Urgent letter from WHO: First human COVID-19 vaccine test/result update” with a malicious document attached.
The document contains the infamous Agent Tesla malware, a password-stealing programme that comes with a key logger for hackers to gather usernames and passwords from a victim’s device.
In addition, Check Point researchers found two examples of extortion emails appearing to be from the UN and WHO that requested that funds be sent to compromised bitcoin wallets.
In the last three weeks, around 2,449 new Zoom-related domains were registered, of which 1.5% were malicious (32) and 13% suspicious (320).
Since January 2020 to date, a total of 6,576 Zoom-like domains have been registered globally. This means that nearly 37% of Zoom-related domains were registered in the last three weeks alone.
Both Microsoft Teams and Google Meet are also being used to lure people. Users fell prey to phishing emails that came with the subject “You have been added to a team in Microsoft Teams”.
Researchers also found fake Google Meet domains like “Googelmeets.com”, which was first registered on April 27, 2020. The link did not lead victims to an actual Google website.
Check Point’s Manager of Data Research, Omer Dembinsky, commented: “We have noticed a change in criminals’ tactics over the last three weeks. Hackers have gone into over-drive to take advantage of the coronavirus pandemic.
“If you unpack these latest cyber-attacks, the theme of impersonation is a clear and strong one, especially using the WHO, the UN and Zoom as a cover for phishing.
“For example, the number of Zoom-like domain registrations in the past three weeks alone is staggering. More than ever, it is important to beware of lookalike domains and to be extra cautious of unknown email senders.”
Check Point recommends the following guidelines:
- Beware of lookalike domains. Watch for spelling errors in emails or websites, and unfamiliar email senders.
- Beware of unknown senders. Be cautious with files received via email from unknown senders, especially if they prompt for a certain action you would not usually do.
- Use authentic sources. Ensure you are ordering goods from an authentic source. One way to do this is to NOT click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.
- Beware of “special” offers. “An exclusive cure for coronavirus for $150” is usually not a reliable or trustworthy purchase opportunity. At this point in time there is no cure for the coronavirus and even if there was, it definitely would not be offered to you via an email.
- Do not reuse passwords. Make sure you do not reuse passwords between different applications and accounts.
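The lookalike-domain guideline can be partly automated against mail-gateway or proxy logs. The sketch below is an added example, not code from Check Point or the original article: it flags domains that embed a brand name or sit within a small edit distance of one, which is how “Googelmeets.com” differs from the real service name. The brand list, distance thresholds, homoglyph map and sample domains are assumptions chosen for illustration.

```python
# Added example: brand list, thresholds and sample domains are constructed.
BRANDS = {  # brand token -> legitimate domains for that brand
    "zoom": {"zoom.us"},
    "googlemeet": {"meet.google.com"},
    "microsoftteams": {"teams.microsoft.com"},
}
HOMOGLYPHS = str.maketrans("01", "ol")  # common digit-for-letter swaps

def osa_distance(a, b):
    """Edit distance that counts an adjacent transposition as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # swapped neighbours, e.g. "el"/"le"
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def registrable_label(domain):
    # Assumption: single-label TLD. Production code should use the Public Suffix List.
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def classify(domain):
    """Return (verdict, brand) for one domain name."""
    d = domain.lower().rstrip(".")
    for brand, legit in BRANDS.items():
        if any(d == good or d.endswith("." + good) for good in legit):
            return ("legitimate", brand)
    label = registrable_label(d).translate(HOMOGLYPHS).replace("-", "")
    for brand in BRANDS:
        if brand in label:  # can also hit unrelated names; treat as a review queue
            return ("contains-brand", brand)
        limit = 1 if len(brand) <= 5 else 2  # short brands get a tighter limit
        if osa_distance(label, brand) <= limit:
            return ("typo", brand)
    return ("unrelated", None)

if __name__ == "__main__":
    for name in ["Googelmeets.com", "zoom.us", "zoom-meeting-login.example"]:
        print(name, classify(name))
```

A "contains-brand" or "typo" verdict is a prompt for review or for a registration-date check, not proof that a domain is malicious.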