An increase of 30,000% in pandemic-related malicious attacks and malware was seen in March by security researchers at cloud security firm Zscaler when compared to the beginning of 2020 when the first threats started using COVID-19-related lures and themes.
On any given day, Zscaler’s cloud security products are processing more than 100 billion transactions from over 4,000 enterprise customers, with 400 of them being on Forbes’ Global 2000 list of the world’s largest public companies.
Roughly 380,000 malicious attacks and malware were detected during March 2020 said Deepen Desai, VP Security Research & Operations at Zscaler, in a blog post.
“No, that is not a typo. Since January, we have seen an increase of 30,000% in phishing, malicious websites, and malware targeting remote users—all related to COVID-19,” he said. “In January, we saw (and blocked) 1,200 such attacks. How many did we see in March? 380,000!”
In all, Zscaler detected an 85% increase in pandemic-related phishing attacks targeting remote enterprise users, a 25% boost in malicious sites and malware samples blocked, and a 17% increase in threats directed at enterprise users.
The researchers also saw over 130,000 suspicious newly registered domains with COVID-19-related mentions including test, mask, Wuhan, kit, and others. Cyber-criminals register new domains to take advantage of words and themes associated with current events, and to evade detection from reputation blocklists. Because the domains are new, they won’t appear on any list of suspicious websites.
According to bleepingcomputer around 60,000 attacks out of millions of targeted messages feature COVID-19 related malicious attachments or URLs per Microsoft, according to data collected from thousands of email phishing campaigns every week.
“In a single day, SmartScreen sees and processes more than 18,000 malicious COVID-19-themed URLs and IP addresses,” Microsoft said.
“While that number sounds very large, it’s important to note that that is less than two percent of the total volume of threats we actively track and protect against daily, which reinforces that the overall volume of threats is not increasing but attackers are shifting their techniques to capitalize on fear,” Microsoft 365 Security Corporate Vice President Rob Lefferts said.
During early April, the United States’ CISA and the UK’s NCSC issued a joint alert regarding ongoing COVID-19 exploitation saying that both cybercriminal and state-backed advanced persistent threat (APT) groups are actively exploiting the COVID-19 global pandemic.
