Threat researchers at Check Point say they have observed a dramatic decrease in malicious Covid-19 coronavirus domains in Europe and North America as national lockdown measures begin to ease, but the danger is by no means past.
New data released by the company revealed that it caught 2,451 new Covid-19 domains in the first two weeks of June, 4% of them clearly malicious and 3% suspicious in some way. At the peak of the initial outbreak in the week beginning 16 March, Check Point recorded about 15,500 Covid-19 domains registered.
Overall, Covid-19 cyber attacks are also levelling off, down 24% from a peak of 200,000 a week on or around 20 April, to about 130,000.
Reflecting the so-called “new normal” that is emerging after the first wave of the pandemic, Check Point said cyber criminals’ tactics were evolving almost as rapidly as they did at the beginning of the outbreak.
The research team said that in many European markets it was now seeing hackers distributing phishing emails and malicious files disguised as education and training packages designed to ease remote workers back into office life.
“Employees everywhere should be cautious when opening emails and documents and make sure it is sent from a legitimate source inside their company,” said Omer Dembinsky, Check Point manager of data intelligence. “Lately, we’re seeing a trend of hackers leveraging household names, such as Microsoft Office 365, to trick employees. One thing is for certain: the coronavirus pandemic is leading us towards a cyber pandemic.”
In regions further back along their curve of infections, such as Africa, parts of Asia, and South America, malicious Covid-19 domains have seen double-digit percentage rises, suggesting Covid-19 is still a highly useful tool in the cyber criminal arsenal.
Reflecting on the impact of the pandemic on the cyber criminal landscape so far, Troy Gill, security research manager at email security firm ZIX, said: “Some of the most popular themes have been attacks posing as WHO [World Health Organization] notifications, CDC [Centers for Disease Control and Prevention] alerts and government-backed financial assistance opportunities. One attack of note we captured posed as an internal notification of a Covid-19 case within the organisation with a link to follow for instructions.
“These attacks will continue with new and inventive variations until the pandemic is well in the rear-view mirror.“
One new trend observed in June came about as the US and, to some extent, the UK and other countries saw widespread protests against systemic and institutional racism, which are now being exploited by threat actors.
Check Point said it had observed at least one malicious spam campaign related to the Black Lives Matter movement. This campaign distributed the Trickbot malware disguised as a .doc file, with subject lines including “Give your opinion confidentially about Black Lives Matter”, “Leave a review anon about Black Lives Matter”, or “Vote anonymous about Black Lives Matter”.
Political campaigners and activists can protect themselves against such campaigns by paying careful attention to lookalike domains, spelling errors in emails or website URLs, and unfamiliar senders, and be especially cautious if they receive files via email from unknown senders, especially if they prompt for actions you would not usually do.