COVID-19 accounts for most 2020 cyberattacks

The pandemic has served as a catalyst for much of the hacking increases during the first half of 2020, with weekly COVID-19-related phishing attacks growing from under 5,000 in February to more than 200,000 in late April.

All types of cyberattacks were up 34 percent from March to April, according to Check Point’s mid-year report. The attacks included everything from nation-states gathering  intelligence about prospective vaccines or disrupting rivals’ handling of the deadly virus to consumers stepping up their online purchases and work-from-home as the new normal.

The World Health Organization experienced a 500 percent increase in attacks.

In the past six months, the way we live and work has changed beyond recognition,” the report noted, referring to COVID-19’s impact. “To put it simply – life on earth has gone online. The change was not gradual but happened seemingly overnight.”

Among the report’s other findings:

  • Cryptominers lead cyberattack categories globally, making up nearly 20 percent of all cyberattacks.
  • Email attack vectors (78 percent) dominate web attack vectors (22 percent).
  • Excel files (exe) are the top malicious files across web (42 percent) and email (26 percent).
  • Eighty percent of the observed attacks used vulnerabilities reported and registered in 2017 and earlier.
  • More than 20 percent of the attacks used vulnerabilities that are at least seven years old.

As to the escalation of cyberattacks related to the pandemic, the nation-states variety “has seen a surge in intensity and escalation in severity.”

In the first half of 2020, Check Point observed a new form of ransomware, which it called “double extortion,” in which attackers exfiltrate large quantities of data prior to encrypting it. Victims who refuse to pay the ransom are threatened with the data being leaked, putting additional pressure on them to meet the criminals’ demands.

Other notable trends over the past six months include:

Mobile exploits diversify: Mobile device infection vectors expanded and bypassed security protections, placing malicious apps in official app stores.  In fact, one threat actor used a large international corporation’s Mobile Device Management system to distribute malware to more than 75 percent of its managed mobile devices.

Cloud exposure: Increased reliance on public cloud storage because of the pandemic led to an increase attacks targeting sensitive cloud workloads and data. 

The 27-page report’s charts and statistics includes Cyber Attack Categories by Region and a breakdown of malware types dispersed geographically, a list of the top vulnerabilities, and a chronology of major attacks.

“The global response to the pandemic has transformed and accelerated threat actors’ business-as-usual models of attacks during the first half of this year, exploiting fears around COVID-19 as cover for their activities,” said Maya Horowitz, director of threat intelligence and research, products, at Check Point. “We have also seen major new vulnerabilities and attack vectors emerging, which threaten the security of organizations across every sector.”

Whether Check Point had any predictions for the near future, Maya Levine, Check Point technical marketing engineer, told SC Media,  “It is difficult to predict the attack types threat actors will be using during the next six months.”

Levine cited for example that when cryptocurrency went down in value, a significant decrease in crypto-mining attacks followed. Furthermore, constantly new emerging attacks have yet to be invented

Check Point researchers found that since January, 4,305 domains related to coronavirus-related stimulus or relief packages have been registered globally to create scam websites that capitalize on coronavirus news, supposedly providing financial incentives, and prey on fears, tricking people into using the websites or clicking on links. 

“Ninety-four percent of coronavirus-related attacks we discovered were phishing attacks, while 3 percent were mobile attacks (either via dedicated mobile malware or via malicious activity carried out on a mobile device),” Levine said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.