Checkpoint report finds over 200,000 Coronavirus related cyber-attacks per week at height of pandemic

Report also highlights new and dangerous trend of double extortion in ransomware attacks in 2020

Check Point CEO Gil Shwed. Photo: Gilad Kavalerchik 

Coronavirus related cyber-attacks sharply increased from under 5,000 per week in February 2020 to over 200,000 per week in late April, according to a report released last week by Israeli cybersecurity giant Check Point Software Technologies.

The report, "Cyber Attack Trends: 2020 Mid-Year Report" addressed how criminal, political and non-state threat actors have exploited the COVID-19 pandemic to target organizations across all sectors, including government, industry, critical infrastructure, and healthcare.

According to the findings, COVID-19 related phishing and malware attacks sharply increased from under 5,000 per week in February 2020 to over 200,000 per week in late April, before dropping back down to around 10,000 per week in late May.

The report stated that, “thousands of Coronavirus-related domain names were registered, many of which would later be used for various scams. Some were used to sell fake COVID-19 vaccinations or medication, others for various phishing campaigns, and for distributing malicious mobile applications.”

Additionally, the report stated that as the pandemic evolved and businesses began adopting remote work policies, video communications platforms such as Zoom and Microsoft Teams and others became a hot target for hackers.

The findings also indicated that in May and June, as countries started to ease lockdowns, threat actors also increased non COVID-19 attacks, resulting in a 34% increase in all types of cyber-attacks worldwide at the end of June 2020, compared to March and April of the same year.

The data also found that during the first half of 2020 the most common form of attacks globally continued to be crypto minors, followed by mobile malware and botnet attacks.

Additionally, the most common type of malware in the first half of 2020 was Emotet, which impacted nine percent of organizations worldwide. Emotet is an advanced, self-propagating and modular Trojan, which has recently been used as a distributer of other malicious attacks.

With regards to global trends in cyberattacks, the report highlighted a new and dangerous trend in ransomware attacks, dubbed “double extortion” attacks. This type of attack "combines encryption of the victim's files with threats to publish stolen confidential information unless ransom demands are met," the report stated.

As such, the report added that victims suffer a "double blow" as " the attackers prevent access to their files and data by encrypting it, but prior to its encryption, some of the information is exfiltrated. Unless the ransom is paid, sensitive data can be made publicly available, while at the same time critical company systems remain crippled, disrupting regular operations."

“The global response to the pandemic has transformed and accelerated threat actors’ business-as-usual models of attacks during the first half of this year, exploiting fears around COVID-19 as cover for their activities. We have also seen major new vulnerabilities and attack vectors emerging, which threaten the security of organizations across every sector,” said Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point.  “Security experts need to be aware of these rapidly evolving threats so that they can ensure their organizations have with the best level of protection possible during the rest of 2020.”

You might be interested also

An Uzbek T-64MV tank. Photo: State Committee of the Republic of Uzbekistan for the Defense Industry

Uzbek Army to upgrade its T-64 Main Battle Tanks

The upgrade includes replacement of the MBT’s standard diesel engine with the engine used by the T-72 tank family, which is said to bring the mobility of the T-64MV to the same level as that of the T-72