The pandemic has been a powerful catalyst for much hacking increases during the first half of 2020, with weekly COVID-19-related phishing attacks increasing from under 5,000 in Feb. to over 200,000 by late April.
All types of cyber-attacks were up 34% from March to April, says Check Point’s mid-year report. The attacks included everything from nation-states gathering intelligence about prospective vaccines, or disrupting rivals’ handling of the deadly virus to consumers stepping up their online purchases, & work-from-home as the new normal.
500% Increase
The World Health Organization (WHO) experienced a 500% increase in attacks.
In the last 6 months, the way we live & work has changed beyond recognition,” the report observed, referring to the COVID-19’s impact. “To put it simply – life on earth has gone online. The change was not gradual but happened seemingly overnight.”
Findings
Among the report’s additional findings are:
- Crypto miners lead cyber-attack categories globally, making up nearly 20% of all cyber-attacks.
- E-mail attack vectors (78%) dominate web attack vectors (22%).
- Excel files (exe) are the top malicious files across web (42%) & email (26%).
- 80% of the observed attacks used vulnerabilities reported & registered in 2017 & earlier.
- More than 20% of the attacks used vulnerabilities that are at least 7 years old.
Escalation
Regarding the escalation of pandemic-related cyber-attacks, the nation-states type “has seen a surge in intensity & escalation in severity.”
In the first half of 2020, Check Point observed a new form of ransomware, which it called “double extortion,” in which attackers exfiltrate large quantities of data prior to encrypting it. Victims who refuse to pay the ransom are threatened with the data being leaked, putting extra pressure on them to meet the criminals’ demands.
Other noteworthy trends over the past 6 months include:
Mobile exploits diversify: Mobile device infection vectors expanded & bypassed security protections, placing malicious apps in official app stores. One threat player used a large international corporation’s Mobile Device Management system to distribute malware to over 75% of its managed mobile devices.
Cloud exposure: Increased reliance on public cloud storage because of the pandemic led to an increase attacks targeting sensitive cloud workloads & data.
The 27-page report’s charts & statistics includes Cyber Attack Categories by Region, & a breakdown of malware types dispersed geographically, a list of the top vulnerabilities, & a chronology of major attacks.
Global Response
“The global response to the pandemic has transformed & accelerated threat players’ business-as-usual models of attacks during the 1st half of 2020, exploiting fears around COVID-19 as cover for their activities,” commented Maya Horowitz, Director of Threat Intelligence & Research, Products, at Check Point. “We have also seen major new vulnerabilities & attack vectors emerging, which threaten the security of organisations across every sector.”
Whether Check Point had any predictions for the near future, Maya Levine, Check Point Technical Marketing Engineer, explained, “It is difficult to predict the attack types threat actors will be using during the next 6 months.”
Cryptocurrency
Levine cited for example that when cryptocurrency went down in value, a significant decrease in crypto-mining attacks followed. Furthermore, constantly new emerging attacks have yet to be invented.
Check Point researchers found that since Jan. 4, 305 domains related to coronavirus-related stimulus or relief packages have been registered globally, creating scam websites that capitalise on coronavirus news, supposedly providing financial incentives, & prey on fears, tricking people into using the websites or clicking on links.
“94% percent of coronavirus-related attacks we discovered were phishing attacks, whilst 3% were mobile attacks (either via dedicated mobile malware, or via malicious activity carried out on a mobile device),” Levine disclosed.
