Cyber-Attacks Rises as Economic Stimulus Payments Start to Flow

With the coronavirus (Covid-19) pandemic shutting down major parts of the global economy, governments are responding with massive stimulus packages aimed at supporting businesses and individuals. And of course, where there's money, there will also be criminal activity.

Hackers and threat actors want to cash in on the rush to get these vital payments and fill their own pockets at the expense of others. To do this, they are evolving the scam and phishing techniques that they have been using successfully since the start of the pandemic in January. Google recently reported that in just one week from 6 to 13 April, it saw more than 18 million daily malware and phishing emails related to Covid-19 scams – and that's in addition to the 240 million daily spam messages it sees related to coronavirus.

These scam websites use the news of the coronavirus (Covid-19) financial incentives, and fears about Coronavirus to try and trick people into using the websites or clicking on links. Users that visit these malicious domains instead of the official Government websites risk having their personal information stolen and exposed, or payment theft and fraud. Ninety-four percent of coronavirus-related attacks during the past 2 weeks were phishing attacks, while 3% were mobile attacks

Since mid-February there has been an escalation in the number of coronavirus-related domains being registered. In the past two weeks, almost 17,000 new coronavirus-related domains had been registered (16,989 to be exact). 2% of those domains were found to be malicious, and another 21% suspicious. In all, there have been 68,000 coronavirus-related domains registered since the beginning of the outbreak in January 2020.  

Organizations should prevent zero-day attacks with end to end cyber architecture, to block deceptive phishing sites and provide alerts on password reuse in real time. Check Point Infinity is effective because it combines two key ingredients: full convergence across all attack surfaces and all attack vectors, and advanced prevention that can tackle the most sophisticated zero-day phishing and account takeover attacks.