As businesses transition their workforces back to the office, hackers are distributing phishing emails and malicious files disguised as COVID-19 training materials.

    • Double digit percentage rises for Corona-related malicious sites in Latin America, Southeast Asia, Africa and Eastern Europe
    • Non coronavirus-related headline news (including ‘Black Lives Matter’) being used in phishing scams
    • In regions where restrictions are being lifted there is a decrease in Corona-related malicious websites
    • The trend of overall cyber-attacks continues to rise – 24% increase in June compared to May

Researchers at Check Point are warning of cyber criminals taking advantage of businesses transitioning their workforces back to the office. As businesses conduct webinars and trainings to educate their workers on new health measures, hackers are using those initiatives as a means to distribute phishing emails and malicious.

Coronavirus related attacks by Region

Check Point’s latest data shows that the risk of an organization being impacted by a malicious coronavirus-related website depends on whether the country it is located in has gone back to business or is still under lockdown. In regions such as Europe and North America, where economies are being re-started and organizations returning to work, there has been a sharp decrease in the number of organizations impacted by such malicious websites. In regions like Latin America and Africa, which are still struggling with the coronavirus outbreak, there is ongoing and increasing instances of organizations being impacted by coronavirus-related malicious attacks.  The graph below depicts the change:

Hijacking headlines

Another interesting consequence of some countries moving to a ‘new normal’ is cyber-criminals hijacking other big breaking news events as bait for their scams.  A prime example is the ‘Black Lives Matter’ movement.  In early June, as global protests reached their peak, Check Point´s researchers discovered a malicious spam campaign related to the movement. The emails distributed the infamous Trickbot malware as a malicious doc file, with subjects such as “Give your opinion confidentially about ‘Black Lives Matter’”, “Leave a review anon about ‘Black Lives Matter’“ or “Vote anonymous about ‘Black Lives Matter’”.

Quote: Manager of Data Intelligence, Omer Dembinsky 

“Employees everywhere should be cautious when opening emails and documents and make sure it is sent from a legitimate source inside their company. Lately, we’re seeing a trend of hackers leveraging house hold names, such as Microsoft Office 365, to trick employees. One thing is for certain: the coronavirus pandemic is leading us towards a cyber pandemic.”

How to Stay Protected

To stay protected against these opportunistic attacks, remember these golden rules:

  1. Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.
  2. Be cautious with files received via email from unknown senders, especially if they prompt for a certain action you would not usually do.
  3. Ensure you are ordering goods from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.
  4. Beware of “special” offers. “An exclusive cure for coronavirus for $150” is usually not a reliable or trustworthy purchase opportunity. At this point of time there is no cure for the coronavirus and even if there was, it definitely would not be offered to you via an email.
  5. Make sure you do not reuse passwords between different applications and accounts.