30,000% increase in pandemic-related threats

An increase of 30,000% in pandemic-related malicious attacks and malware was seen in March by security researchers at cloud security firm Zscaler when compared to the beginning of 2020 when the first threats started using COVID-19-related lures and themes.

On any given day, Zscaler's cloud security products are processing more than 100 billion transactions from over 4,000 enterprise customers, with 400 of them being on Forbes' Global 2000 list of the world’s largest public companies.

Roughly 380,000 malicious attacks and malware were detected during March 2020 said Deepen Desai, VP Security Research & Operations at Zscaler, in a blog post.

"No, that is not a typo. Since January, we have seen an increase of 30,000% in phishing, malicious websites, and malware targeting remote users—all related to COVID-19," he said. "In January, we saw (and blocked) 1,200 such attacks. How many did we see in March? 380,000!"

This huge spike in threat activity exploiting the population's fears surrounding the COVID-19 pandemic from last month followed another large increase in February when Zscaler saw 10,000 coronavirus-themed attacks.

In all, Zscaler detected an 85% increase in pandemic-related phishing attacks targeting remote enterprise users, a 25% boost in malicious sites and malware samples blocked, and a 17% increase in threats directed at enterprise users.

The researchers also saw over 130,000 suspicious newly registered domains with COVID-19-related mentions including test, mask, Wuhan, kit, and others.

According to daily updated stats, FTC says that over $19 million were lost to Coronavirus-related scams according to numbers based on consumer complaints received since January 2020. Ten days ago, the reported total loss was of just over $12 million.

At the end of March, Cisco Talos said that it "has already detected an increase in suspicious stimulus-based domains being registered" and staged for COVID-19 relief package themed attacks.

The FTC also warned consumers in February about scammers taking advantage of the pandemic to lure potential U.S. targets via phishing emails, text messages, and social media.

A week ago, Google said that Gmail's built-in malware scanners blocked about 18 million phishing and malware emails using COVID-19-themed lures within a single week.

Around 60,000 attacks out of millions of targeted messages feature COVID-19 related malicious attachments or URLs per Microsoft, according to data collected from thousands of email phishing campaigns every week.

"In a single day, SmartScreen sees and processes more than 18,000 malicious COVID-19-themed URLs and IP addresses," Microsoft said.

It is important to mention that, based on Microsoft's threat intel, the actual volume of malicious attacks hasn't increased but, instead, malicious actors have been repurposing infrastructure used in previous attacks and rethemed their attack campaigns to abuse the COVID-19 pandemic.

"While that number sounds very large, it’s important to note that that is less than two percent of the total volume of threats we actively track and protect against daily, which reinforces that the overall volume of threats is not increasing but attackers are shifting their techniques to capitalize on fear," Microsoft 365 Security Corporate Vice President Rob Lefferts said.

During early April, the United States' CISA and the UK's NCSC issued a joint alert regarding ongoing COVID-19 exploitation saying that both cybercriminal and state-backed advanced persistent threat (APT) groups are actively exploiting the COVID-19 global pandemic.

Comments are closed.