“If you told me in early 2020 that in a few months – and for the first time in the history of cyber security – every industry, device, and country would be exposed to cyber attacks under one major issue, I would not believe you. If you told me this issue is a global epidemic and researchers are working tirelessly to stop the spread of the epidemic, I would be even more skeptical,” said Ryan Olson, vice president of cyber-threat intelligence at Palo Alto Networks. “Despite this – this is our reality today; this is the ‘gold rush’ of cybercriminals, who are exploiting the plague for their own benefit.”
Palo Alto Networks has published a comprehensive study by Unit 42, the company’s cyber threat intelligence team, devoted entirely to the cyber attacks carried out under cover of the coronavirus epidemic. According to Olson, since the beginning of the year Unit 42 researchers have identified more than 40,000 newly registered sites with virus-related names, which we classify as “high-risk” sites for fraud and malware to which unsuspecting users are exposed.
“Investigators are closely monitoring the plethora of cyberattacks under the ‘Covid-19’ umbrella that have occurred around the world in recent months,” Olson said. “The global impact of the Corona epidemic, coupled with a lack of trust in government and media as reliable sources of information, has ultimately created the perfect storm for cybercriminals. People are constantly looking for new sources of information, and cybercriminals have seized the opportunity for their own well-being.”
The main findings
The attackers are targeting people who are looking for content and information about the coronavirus epidemic, or who, because of the epidemic, are shopping online for essential products. Fake online stores offer mostly sought-after items such as face masks or hand sanitizers at a discounted price but do not deliver the goods. Similarly, there are offers to purchase e-books about the coronavirus that do not actually exist. In practice these sites provide no product after the purchase is completed, and steal the money along with the personal and financial information that users submit.
We have evidence that there are masses of “dormant” sites that are just waiting to be activated and then start operating. Some scam sites use the cloud services of large companies (Amazon, Google, Microsoft and Alibaba): when sites are located in the cloud, it is easier to evade detection (thanks to the rigorous filtering and monitoring processes and probably because of the higher costs of using them).
In recent months, we have uncovered – and blocked – a wide range of cyberattacks around the world targeting government health agencies, other government bodies, and large universities that are responding to and researching the coronavirus. Such attacks have occurred in the United States, Canada, Germany, Turkey, Korea and Japan.
“It is not surprising that cybercriminals are seizing the opportunity for their own gain, and it is clear to us today that those who are successful in their field will continue this way and take every measure to stay that way for a long time. We will continue to fight,” Olson explains.
As the epidemic continues to spread, we will continue to see the sophistication of cybercriminals. For example, towards the end of June, in anticipation of the “second wave”, we identified many malicious emails with subject lines such as “Face Mask / Forehead Thermometer” or “Equipment: Medical Mask, Goggles And thermometer” – topics related more to protection and to preparing to go back out into the world than to staying at home.
“We anticipate that criminals will focus on the countries where the epidemic continues to exist, particularly the United States, and not on countries that have ‘defeated’ the epidemic, such as New Zealand. We anticipate an increase in cybercrime as economies get closer to recession. As the number of unemployed around the world increases dramatically, there are people who will turn to online crime, as history shows. We anticipate an increase in attackers targeting home routers and other Internet of Things devices to damage home networks, as much of the employment takes place in the home space.”