According to Check Point Threat Intelligence, more than 4,000 coronavirus-related domains have been registered worldwide since January 2020. 3% of these sites have already been identified as malicious, and another 5% as suspicious.
According to experts, hackers send spam with a link to a malicious site on behalf of trusted organizations to encourage a potential victim to click on it. When you click the link, malware is automatically installed on the user's device.
So, Check Point discovered a phishing attack allegedly on behalf of the World Health Organization (WHO), which spread in Italy. Experts noted that 10% of organizations in Italy were subjected to this attack.
Moreover, a website registered in Russia in February 2020 was discovered. The attackers offered to buy "the best and fastest test for detecting coronavirus at a fantastic price — 19,000 rubles ($264)".
In addition, a large spam campaign was recorded in Japan. There, attackers send spam on behalf of the Japanese Society for the rehabilitation of disabled persons (JSRD). Emails report the spread of the coronavirus in several cities in Japan, prompting the recipient to open the document.
If the user is interested and opens the attachment, the Emotet Trojan will be downloaded to their computer.
According to experts, as the spread of the coronavirus continues, scammers will continue to use the coronavirus theme to carry out attacks on users and businesses.
Any events that cause mass discussion or are popular, especially negative ones, are an occasion for fraudsters to realize their plans, said Alexey Dankov, head of the information security Department at Cross Technologies. In this case, they use the news as an excuse to get data, and people who are panicked lose their vigilance and, as a result, trust scammers.
"A virus that has become a pandemic is a great reason for cybercriminals to get the desired information on accounts and personal information," added Mr. Dankov.