Coronavirus-themed spam increases 4300% since February

NEW DELHI: The covid-19 pandemic has created a unique opportunity for cybercriminals to target companies. There has been a 4,300% increase in coronavirus-themed spam on the internet since February, IBM’s threat intelligence sharing platform, X-Force, has found.

“Cybercriminals are using the coronavirus outbreak to drive their business, with virus themed sales of malware assets on the dark web and even virus-related discount codes,” the team said in a blog post. It also found that covid-19 themed domains on the internet are 50% more likely to be malicious.

“A number of other scams imply association with legitimate health organizations like the World Health Organization and the US Centers for Disease Control and Prevention (CDC),” the team wrote. But the threats are not only against regular citizens looking to get information on the virus and becoming victims of a cyberattack.

Individuals may not be the intended targets all the time. Instead, attackers are going after high net worth individuals working for big corporates. According to data from Barracuda Networks, phishing attempts worldwide have soared by 600% since the end of February, including traditional impersonation scams, but also business email compromise (BEC) and extortion attacks. “There have been a host of social engineering attempts related to financial stimulus that we have seen, and these are tailored to covid-19 and are extremely relevant in today’s time,” said Saket Modi, Co-founder and CEO of enterprise cybersecurity platform provider Lucideus.

“There has been extensive chatter on the dark web, where cyber criminals are drawing consumers in the name of selling Coronavirus vaccines, medical masks etc,” he said. He said 90% of all attack have a human element to it and the number of these attacks have skyrocketed in recent times.

As employees work from home, a single laptop is being used by multiple people. That leaves a company executive more vulnerable than they were before. In the office environment, they’re behind an enterprise firewall and other security measures, whereas home networks aren’t as secure. Furthermore, a family member who doesn’t have training is much more likely to click on a malicious link or visit malicious websites.

“Organisations need to swiftly adopt Cyber Risk Qualification (CRQ) platforms to ensure they have an objective and clear view not only into the organization wide cyber risk posture, but also understand, map and action on the cyber risk posture of their employees,” Modi said.

It’s worth noting that the cyberattacks in question aren’t new, but their number has gone up in recent times. An ad on dark web website, Own Shop, spotted around the beginning of April, claimed to sell the blood and saliva of a coronavirus infected patient. While the pandemic hasn’t spurred new technologies or methods for attackers to infiltrate individuals or businesses, it has given them a whole new hoax to created.