If COVID pandemic has you worried, then you may find the COVID cybercrime insight and statistics enough to keep you up at night with:
- Approximately 500,000 Zoom accounts are for sale on the Dark Web
- Most coronavirus domains are scams – 9 out of 10 of them in fact
- Brute-force attacks have increased by 400%
And that’s just the tip of the iceberg, there’s so much more.
David Gewirtz for ZDNet Government in preparation for his session on CBS Interactives about attack surface intelligence came across a number of alarming statistics to keep you wide-awake at night about cybercrime and their attacks during the pandemic. And you guess it, it’s gotten worse.
1. The number of unsecured remote desktop machines rose by more than 40%
As we all know, there’s been a huge increase in the number new remote workers. So now there’s a large amount of remote desktop connections from home to work (or the cloud). To clarify, there is a 40% increase in machines running RDP (remote desktop protocol) according to the Webroot study done by Channel Futures.
Well that makes sense you say. But importantly, the issues arise when machines are unsecured. Criminals can use brute force attacks to gain access to unsecured desktop machine. In other words, they can do some real damage once on the network via a desktop machine.
2. RDP Brute-Force attacks grew 400% in March and April alone
In an article by Catalin Cimpanu from ZDNet, Kaspersky, a cybersecurity company released a report back in April showing a massive jump in the RDP (remote desktop protocol) attacks. This data coincides with the start of the COVID pandemic. As a result, all these new remote desktop connections create a target-rich environment for the criminals. Combine this with the rush to get everyone working remotely, of course mistakes are made. Subsequently, this is one reason why a lot of the remote desktops are not secure. And what are the consequences of unsecured systems? Bruce-force attacks increase by 400%.
3. Email scams related to Covid-19 catapulted to a record 667% increase in March alone
COVID-19 related phishing scam exploded in March, according to Barracuda Networks, with the probability of the threat continuing in April and beyond. We not sure as we only have the March data at the- moment.
Criminals try to push a psychological nerve by sending emails about the pandemic to try and separate users from their credentials. So, it works the same as normal phishing scams, the tactics are just different.
People are now accepting emails that might not look as formal or professional as before pandemic because of the rushed remote set up. As a- consequence, they click on those messages or log into those real-looking sites. These emails can look like the read deal.
4. Users are now 3 times more likely to click on a pandemic related phishing- scams.
Courtesy of the Verizon Business 2020 Data Breach Investigations Report, states that even pre- COVID credential theft and phishing were the cause of over 67% of breaches. During the onset of COVID in March researchers found users were three times more likely to click on a phishing link and give away their credentials. So, a triple likelihood since COVID. But it doesn’t make matters better especially when criminals use email titles like “masks” “quarantine” “vaccine” “COVID cures.”
5. Billions of COVID-19 Pages on the internet
Interested in seeing the search results for the phrase COVID-19 on google, David Gewirtz clicked and checked, he got a staggering 6.1 million results back in August, today still 4.8 billion.
6. Tens of Thousands of New Coronavirus-related domains are being created daily
ZDNet found that tens of thousands of new unique coronavirus-themed domains are being created on a daily- basis. So they’ve been tracking the rise in these coronavirus-themed domains.
7. 90% of newly created Coronavirus Domains are scammy
As a result, 9 out of 10 of these domains are “peddling fake cures or private sites” according to Catalin from ZDNet research. During which Catalin says, they probably use them “for malware distribution only to users, with a specific referral header.”
8. More than 530,000 Zoom accounts sold on the Dark Web
As people are working away from the office, the use of desktop video conferencing has skyrocketed. And most people are using Zoom as their video conferencing tool of choice. However, Zoom had a particular security issue of concerned called “Zoom bombing.” Subsequently, the site Bleeping Computer reports it discovered over 500,000 Zoom credentials for sale, for only 1 penny, a Login ID. In other words, thousands of credentials for sales for peanuts.
9. 2000% increase in malicious files with “Zoom” in the name
Pre-Covid there wasn’t much of an interest in “zoom.” That is of course until we needed to connect to people without coming close, keeping a social distance. Then we see the use of zoom rise dramatically. So, with the increase in usage, criminals see the opportunity to take advantage.
As a result, since March Webroot (via Channel Futures) reports a 2,000% rise in malicious files containing the string “zoom.
10. Covid-19 Drives 72% to 105% Ransomware Spike
Skybox Security 2020 Vulnerability and Threat Trends have reported that since the onset of Covid-19 ransomware samples, that’s “captured malicious files and code” have gone up by a whopping 72%. Likewise the SonicWall’s 2020 Cyberthreat report have discovered an enormous 105% spike in the same timeframe.
While the samples are not necessarily related to COVID, the huge jump in numbers is certainly no coincidence. Even SonicWall, states that “while it’s impossible to determine causation, a strong correlation can be found in the ransomware graph and the patterns of COVID-19 infections.”
We all love a goodnight’s sleep so my advice is to make sure you have the right security for all your IT.
