Malicious activity related to the coronavirus pandemic is also on the rise as user interest in the topic grows, Unit 42, the threat intelligence arm of Palo Alto Networks, said recently.
“We observed a 656% increase in the average daily Coronavirus-related domain name registrations from February to March. In this timeframe, we witness a 569% growth in malicious registrations, including malware and phishing,” Unit 42 noted in a statement.
According to the organisation, there is also a 788% growth in “high-risk” registrations, including scams, unauthorised coin mining, and domains that have evidence of association with malicious URLs within the domain or utilisation of bulletproof hosting.
As of the end of March, Unit 42 identified 116,357 Coronavirus-related newly registered domain names. Out of these, 2,022 are malicious and 40,261 are “high-risk”.
“We analyse these domains by clustering them based on their Whois information, DNS records and screenshots (collected by our automated crawlers) to detect registration campaigns,” said Unit 42. “We found that while many domains are registered to be resold for a profit, a significant fraction of them are used for both well-known malicious activities as well as for fraudulent shops selling items in short supply.”
Traditional malicious abuse of Coronavirus trends includes domains hosting malware, phishing sites, fraudulent sites, malvertising, cryptomining, and Black Hat Search Engine Optimisation (SEO) for improving the search rankings of unethical websites, Unit 42 pointed out.
“Interestingly, although many webshops that use newly registered domains try to scam users, we detected an especially unethical cluster of domains capitalising on users’ fear of Coronavirus to further frighten them into buying their products,” Unit 42 observed.
Unit 42 also discovered a group of Coronavirus-themed domains that currently serve parked pages with high-risk JavaScript, which may at any time start redirecting users to malicious content.
“People should be highly skeptical of any emails or newly-registered websites with COVID-19 themes, whether they claim to have information, a testing kit, or a cure,” Unit 42 advised.
Special care should be taken to examine domain names for legitimacy and security, such as ensuring the domain is the legitimate one (google[.]com vs g00gle[.]com) and that a lock icon appears on the left-hand side of the browser’s URL bar, indicating a valid HTTPS connection, Unit 42 added.
Similar care should be taken with any COVID-19 themed emails - a look at the sender’s email address often reveals that the content is likely not legitimate, as the address is either unknown to the recipient, misspelled, or suspiciously long with random-seeming characters, Unit 42 said.
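The two checks above (a COVID-19 theme and a lookalike spelling such as g00gle[.]com) can be automated for a blocklist or mail-gateway triage feed. The following is an added example, not Unit 42's own tooling: it refangs a domain (or a sender's mail domain), flags coronavirus keywords, and normalises common digit-for-letter substitutions before comparing against a constructed list of protected brands.

```python
from typing import List

# Constructed watch-lists for this example (not from Unit 42's report).
# Longer keywords first so "coronavirus" wins over "covid" in the reason string.
COVID_KEYWORDS = ("coronavirus", "covid19", "covid", "ncov", "pandemic")
PROTECTED_BRANDS = ("google", "paypal", "microsoft")
# Digit/symbol substitutions commonly used to imitate letters (g00gle -> google).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a", "$": "s"})


def refang(domain: str) -> str:
    """Turn defanged notation such as google[.]com into google.com (lower-cased)."""
    return domain.strip().lower().replace("[.]", ".").replace("(.)", ".")


def normalize(label: str) -> str:
    """Undo homoglyph substitutions and drop hyphens so lookalikes compare equal."""
    return label.translate(HOMOGLYPHS).replace("-", "")


def classify(domain: str) -> List[str]:
    """Return a list of reasons a newly registered domain deserves scrutiny.

    An empty list means no COVID theme and no brand imitation was detected.
    The registrable label is taken naively as the second-from-last label, which is
    a simplification that ignores multi-part suffixes such as co.uk.
    """
    d = refang(domain)
    labels = d.split(".")
    registrable = labels[-2] if len(labels) >= 2 else labels[0]
    reasons: List[str] = []

    flat = d.replace("-", "").replace(".", "")
    for kw in COVID_KEYWORDS:
        if kw in flat:
            reasons.append(f"covid-themed:{kw}")
            break

    norm = normalize(registrable)
    for brand in PROTECTED_BRANDS:
        if norm == brand:
            if registrable != brand:          # spelled differently but reads the same
                reasons.append(f"lookalike-of:{brand}")
        elif brand in norm:                   # brand buried inside a longer label
            reasons.append(f"brand-embedded:{brand}")
    return reasons


if __name__ == "__main__":
    for sample in ("google[.]com", "g00gle[.]com", "covid19-testkit[.]com"):
        print(sample, "->", classify(sample))
```

A match here is a triage signal, not proof of abuse: the legitimate domain passes with an empty list, and anything flagged still needs the Whois, DNS and content review the report describes.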
While organisations have always provided secure access to employees working from home via VPN connections, the enormous number of employees now requiring secure access is unprecedented and requires additional resources and capacity, Unit 42 pointed out.
CFOs need to be aware of this and work with CIOs or CSOs to ensure that the VPN connection is secured, to avoid incidents that can cause financial and other types of loss.