Check Point solutions provider in the field of cybersecurity, recorded 192 thousand cases of attacks in a week, associated with a coronavirus in the past two weeks. This is 30% higher compared to previous weeks. All the attacks were related to the topic of coronavirus and was carried out with a fake domain that mimicked the web sites of international organizations, as well as a website platform Zoom.
Hackers often use the name of the world health organization (who) to carry out their attacks. Recently, cybercriminals have carried out the phishing emails from persons who (eng. World Health Organization, WHO) using the domain “who.int”. To attract the attention of the victim, in the subject line fraudsters stated: “an Urgent letter from the who test results first vaccine against COVID-19”. The letter was attached a file with the name “Xerox_scan_covid-19_urgent information письмо.xlxs.exe”. When it loads automatically installed the malware Agent Tesla, which is using a Keylogger, stole passwords from users ‘ devices.
the researchers Also couple phishing emails, where the UN and who the attackers are asked to send money for bitcoin wallets.
Over the past three weeks, there were about 2449 new domains Zoom, 1.5% of which malicious (32), 13% suspicious (320). From January 2020, the world has registered a total of 6576 domains that mimic the platform Zoom, among whom 37% were in the last three weeks after the announcement of the pandemic coronavirus.
the Attackers also often use the names of popular services of Microsoft and Google Teams Meet for tricking people. Recently users received phishing emails with the subject “You have been added to a team in Microsoft Teams” (“You were added to the team Microsoft Teams”). Clicking on the icon “Open Microsoft Teams” the victim passed by ZARagenoy the link, downloading to your device with malware. Official link to Microsoft Teams looks very different: https://teams.microsoft.com/l/team.
in addition, researchers at Check Point have discovered a fake Google domains Meets. For example, “Googelmeets.com” which was registered on April 27, 2020.
Over the past three weeks, there have been 19 749 new domains related to the topic of the coronavirus, of which 2% are malicious (354) and 15% — suspicious (2961). With the beginning of the outbreak in the world was registered a total of 284 90 new domain related COVID-19.
Researchers at Check Point revealed a correlation between the occurrence of fake domains and stages of the outbreak.
At the beginning of the pandemic often met domains containing live maps, which allowed to track the spread of the virus in different regions. Also popular were sites describing the symptoms of coronavirus. By the end of March attention was focused on various types of aid and payments, which were carried out in several countries.
Then widespread domains related to life after a coronavirus, and the domains that inform about the second wave of the epidemic. Throughout the entire period of the pandemic domains related tests and vaccines remain an undying trend for attackers. Their total number continues to grow.
Experts suggest to beware of domains similar to different popular sites to pay attention to spelling mistakes in emails or on web sites.
you Must be cautious with files received via email from unknown senders, especially if when opening you need to perform any action (click on the link or open an attachment to the letter).
When ordering, you must ensure that you use the official website. It is not necessary to click on links in emails. Instead, find the website alone.tionary with the help of search engines you are using.
Beware of “special offers”. Offer “exclusive cure of the coronavirus in 12 thousand rubles,” should call into question. Make sure you use a different password for each application and each account, the experts advise.
