Researchers at Zscaler observed an increase of 30,000% in Coronavirus-themed attacks in March when compared to the beginning of 2020.

Researchers from Zscaler observed an increase of 30,000% in Coronavirus-themed attacks in March when compared to the beginning of 2020.

In January experts started observing first attacks using COVID-19-related lures and themes, just two months later in March they detected roughly 380,000 malicious attacks.

“Since January, we have seen an increase of 30,000% in phishing, malicious websites, and malware targeting remote users—all related to COVID-19. In January, we saw (and blocked) 1,200 such attacks. How many did we see in March? 380,000! ” reads the blog post published by Zscaler.

Zscaler detected an 85% increase in phishing attacks targeting remote enterprise users, a 25% increase in malicious sites and malware samples blocked, and a 17% increase in threats directed at enterprise users.

Since the beginning of the outbreak, experts detected more than 130,000 suspicious newly registered domains (NRDs) using keywords related to the Coronavirus pandemic (i.e. test, mask, Wuhan, kit, and more).

In February, Zscaler researchers saw 10,000 coronavirus-themed attacks.

Corona themed hack

“Phishing attacks based around COVID-19 targeted corporations as well as consumers. On the corporate front, spear-phishing emails were designed to look as if they were coming from the recipient’s corporate IT team or payroll department.” continues the report. “On the consumer side, we saw malicious emails asking for personal information as a way to help individuals get their government stimulus money, and we saw those soliciting donations for COVID-19-based causes.”

Zscaler researchers reported the case of weaponized PowerPoint document targets users in Brazil, in one case attackers used documents that supposedly contained a list of hotels that had been affected by COVID-19.

One of the effects of the COVID-19 pandemic is an increase of online purchases, for this reason, e-skimmer gangs like Magecart remain active in the wild. Zscaler also observed Coronavirus-themed attacks across several different threat categories, including the infamous Nigerian 419 scam.

Below recommendations provided by Zscaler:

  • Stick with reputable sources for COVID-19 information
  • Be wary of requests for emergency funds via email (call the sender to confirm, even if it appears to be from a known contact)
  • Do not open links or attachments from unknown sources
  • Enable two-factor authentication
  • Patch operating systems and apply security updates
  • Activate SMS/email notifications for any financial transactions

A few days ago, Google announced to have blocked about 18 million phishing and malware COVID-19-themed attacks against Gmail users.

Pierluigi Paganini