Attributed to: Ryan Olson, Vice President of Unit 42 Threat Intelligence at Palo Alto Networks
If you told me at the start of 2020 that for the first time in the history of cybersecurity, we’d see every industry and every type of device across the globe targeted by attacks based around a single theme, I wouldn’t have believed you. If you told me this theme would hinge on exploiting a global pandemic and attackers would target even medical researchers on the front lines trying to stop this disease, I wouldn’t have believed that either. Yet, here we are, and our reality indeed includes a cybercrime gold rush aimed at taking advantage of COVID-19.
The researchers on the Unit 42 threat intelligence team at Palo Alto Networks are closely tracking a plethora of COVID-19-themed cyber-attacks that have emerged around the world over the past few months. Since the beginning of this year, we’ve identified more than 40,000 newly registered websites using a coronavirus-related name, which we’d classify as “high-risk” sites due to the scams and malware being pushed onto unsuspecting consumers.
The global impact of the COVID-19 pandemic, coupled with a lack of trust in the government and media as reliable sources of information, has ultimately created a perfect storm for cybercriminals to have greater success. People are constantly looking for new sources of supplies and information, and cybercriminals have taken the opportunity to exploit this.
Why It Matters
Attackers have homed in on the opportunity around people searching for COVID-19 updates and shopping for essential goods online by creating profit-motivated attacks.
We’ve found:
We’ve also uncovered – and blocked – a wide variety of cyber threats globally that are recklessly targeting government healthcare agencies, local and regional governments, and large universities that are dealing with the critical response efforts of the COVID-19 pandemic. Regions impacted include the US, Canada, Germany, Turkey, Korea and Japan.
We’re continuing to monitor and protect against these threats, but it’s important to note that these shifts in behaviour highlight that cybercriminals are investing time and resources to bolster their attacks.
With COVID-19 cases continuing to rise in certain countries, and a second wave of the virus anticipated to hit later this year, we’ll continue to see evolving themes from attackers related to news of the pandemic. Additionally, we anticipate that the U.S. will likely be targeted more by attackers compared to countries where COVID-19 no longer has an impact on daily life (such as New Zealand).
We also expect to see a spike in cybercrime as economies go into recessions. With unemployment numbers around the world dramatically growing, some people will inevitably turn to cybercrime, as typically happens in economic downturns.
Lastly, given that more of the workforce is now working remotely from home, we anticipate an increase in attackers targeting home routers and other Internet of Things (IoT) devices to compromise home networks.
With more employees working from home and no longer being protected by an enterprise security tool and corporate firewall, attackers may begin trying to steal sensitive corporate data that they couldn’t typically access as easily before. Consumers should make sure that their physical router isn’t using the default password that comes with the router (often just “Admin”). They also should update it to the latest firmware version. Too often, consumers create a password for only their wireless network and do not realize that the physical device also needs to have a unique password.
Here are our recommended tips for consumers and businesses to stay safe during this time: