The global response to COVID-19 revealed a host of new opportunities for threat actors, with FBI cybercrime reports quadrupling during the pandemic.
The mad dash by IT teams to stand up new systems outside the firewall to enable a remote workforce has expanded attack surfaces more quickly and more radically than ever before. VPN usage surged 112%, and over just six weeks, RiskIQ noted a 26.11% increase in Microsoft Remote Access Gateway instances (peaking around March 20th when stay-at-home orders took full effect). Many of these access points were stood up outside of the security teams' purview, and two recent remote-code-execution vulnerabilities now put them at risk of being used in attacks.
Meanwhile, as concern over the outbreak was sweeping the globe, attackers got to work to take advantage of it. Phishing attacks immediately grew 350%, and hospitals and other healthcare facilities suffered an onslaught of ransomware attacks, 70% of which targeted smaller providers.
However, no crime technique has flourished during the pandemic quite like scams. RiskIQ noted 317k new websites related to 'COVID-19' or 'coronavirus' in the two weeks between March 9th and 23rd, and Google currently blocks 18 million COVID-19 scam emails daily. Many of these messages promise treatment or a cure for the virus, while others offer promotions, discounts, and free products. In RiskIQ's analysis of scam and spam messages, we encounter such subject lines as "Fight COVID-19 with $100 at Drive Thru!" and "The 3 plants you need to throw in your shopping cart to fight coronavirus." On a typical day, 30k of the emails we analyze send an executable file for Windows machines, which is a reliable indicator of malware.
To take the fight to the scammers, RiskIQ has launched the COVID-19 Internet Intelligence Gateway. The microsite is a one-stop cybersecurity resource center that includes a new crawl submission and lookup service that taps into RiskIQ's massive global crawling infrastructure to analyze and compile malicious URLs related to COVID-19.
Via the COVID-19 Internet Intelligence Gateway microsite, security practitioners can submit suspicious COVID-19 URLs to be crawled and analyzed by RiskIQ's systems, as well as receive curated URL blacklists. Through community participation, the site will become an authoritative source of intelligence that practitioners can use to block and investigate COVID-19 scams as they proliferate on an unprecedented scale.
The COVID-19 Internet Intelligence Gateway has the potential to be a powerful tool that security practitioners can use to keep their organizations safe during the crisis. It adds to a catalog of complimentary resources RiskIQ has released to empower the cybersecurity community, as it battles an unprecedented spike in cyber threats related to COVID-19.
By signing up for RiskIQ's COVID Scams service, users will also have access to RiskIQ's other complimentary offerings, including:
- COVID-19 Daily Intelligence reports compiled by our agency-trained analysts.
- Lists of new infrastructure related to COVID-19 observed by our global crawling network updated daily.
- Email Intelligence, including top subject lines, to help educate users on COVID-19 scams and malware.
- Updated COVID-19 Blacklists compiled by RiskIQ.