According to a recent report from ZScaler, there has been a 30,000 percent increase in COVID-19 themed cyber attacks between January and March 2020. Out of the total attacks detected, 25 percent were launched through malicious websites. These include more than 130,000 suspicious newly registered domains (NRDs) meant for COVID-19 related attacks.
Fake domains as a weapon
Cybercriminals are registering new domains using words and themes associated with the current pandemic to evade detection from blocklists. The most common keywords include test, mask, Wuhan, kit, and more. Apparently, the purpose of these fake NRDs is to increase the profits of threat actors or to harvest credentials.
The victim countries
As per the report from Unit 42 Palo Alto Networks, the US has the highest number of malicious domains related to COVID-19. This is followed by Italy, Germany, and Russia.
Breaking the chain
Over the past few weeks, several federal agencies have taken up the task of cleaning these malicious domains in organized ways.
- The National Cyber Security Centre (NCSC) has taken down 2000 websites that pretend to give advice or services related to the pandemic.
- Additionally, it has also launched a Cyber Aware programme to provide advice to the public and encourage citizens to report suspected email scammers.
- The Her Majesty's Revenue and Customs (HMRC) has formally asked Internet Service Providers (ISPs) to remove 292 malicious web addresses exploiting the coronavirus outbreak since March 23.
- The US DoJ along with several private companies disrupted hundreds of websites that tried to exploit the current COVID-19 pandemic. Apart from these, the FBI has set up an operation to identify and shut down malicious campaigns following a wave of complaints from residents.
Being wary is the key to tackle scams. Users should be careful enough and avoid sharing personal and financial details with unfamiliar websites.