On Tuesday, I'll be joining CBS Interactive's Michael Steinhart and Netenrich's Brandon Hoffman in what promises to be a fascinating webcast about attack surface intelligence. While preparing for my part of the session, I came upon a bunch of unsettling statistics about how cybercrime and cyberattacks have gotten worse since the beginning of the COVID-19 pandemic.
And since we can't be in the same room together anymore, I figured the next most neighborly thing I could do is share the pain. So let's dive in together. You might want to take a few Tums before you do. Your stomach acid level will thank me.
1. The number of unsecured remote desktop machines rose by more than 40%
As you might expect with so many new remote workers, there's been a huge surge in the number of remote desktop connections from home to work (or the cloud). According to Channel Futures, citing a Webroot study, there's been a surge of more than 40% in machines running RDP (Remote Desktop Protocol).
The issue with unsecured machines is that criminals can use brute force attacks to gain access to a desktop machine. And once on the network with a desktop machine... badness happens.
2. RDP brute-force attacks grew 400% in March and April alone
All these new remote desktop connections create a target-rich environment. But here's the thing: What happens when you rush to spin up a ton of services almost overnight? Mistakes are made. That's one reason why so many remote desktops are not secure.
And what happens when you have unsecured systems? A 400% boost in brute-force attacks. Yay, humanity!
3. Email scams related to COVID-19 surged 667% in March alone
According to Barracuda Networks, the number of phishing scams related to COVID-19 exploded in March. It probably continued in April and beyond, but we only have March data right now.
These scams work the same as normal phishing scams, trying to separate users from credentials. The only difference is that the emails are using the pandemic to try to push a new set of psychological hot buttons.
Because of so much rushed digital transformation, people are now accepting emails that might not look as formal or professional as before the pandemic. And they click on those messages or log into those real-looking sites.
4. Users are now three times more likely to click on pandemic-related phishing scams
In a test performed in late March, researchers found that users are three times more likely to click on a phishing link and then enter their credentials than they were pre-COVID. Of course, it doesn't hurt that those phishing emails often used words like "COVID" or "coronavirus," "masks," "test," "quarantine" and "vaccine."
5. Billions of COVID-19 pages on the Internet
About three weeks ago, I did a Google search on the phrase "COVID-19" and got 6.1 million search results. Today, the same query yielded 4.8 billion results. Clearly, it's a topic that's top-of-mind for many of us. It's also top-of-mind for scammers, because...
6. Tens of thousands of new coronavirus-related domains are being created daily
7. 90% of newly created coronavirus domains are scammy
How many of these sites are legitimate? According to the same ZDNet research performed by Catalin, "in nine out of ten cases, we found a scam site peddling fake cures, or private sites, most likely used for malware distribution only to users with a specific referral header."
8. More than 530,000 Zoom accounts sold on dark web
Just as there has been a rise in remote work and remote desktop, there has been an unprecedented rise in desktop video conferencing, mostly using Zoom. While Zoom has had some security issues, and we've seen the rise of a new practice called "Zoom bombing," the site Bleeping Computer reports it found more than half a million Zoom credentials for sale - at roughly a penny a login ID.
9. 2000% increase in malicious files with "zoom" in name
And while we're on the topic of Zoom, Webroot (via Channel Futures) reports that it's seeing a 2,000% rise in malicious files containing the string "zoom." Just for the heck of it, I typed the word "zoom" into Google and got 1.9 billion results. To be fair, zoom is a real word. That said, the Google Trends chart below shows how there was barely any interest in "zoom" until around March when "zoom" interest zoomed into the stratosphere.
The samples are not necessarily coronavirus-related, but it's a huge jump in a very short period of time that corresponds with our current troubles. That said, the SonicWall report indicates, "While it's impossible to determine causation, a strong correlation can be found in the ransomware graph and the patterns of COVID-19 infections." Because, of course it can.
I'd like to end this on an upbeat note and tell you something positive about malware trends or even the coronavirus. Since I can't, I'll just tell you something personally uplifting: there's still time tonight for me to have another cup of coffee. It's not big, but these days, we've got to acknowledge and embrace the small pleasures. Mine will be another hot cup o' Joe warming my cozy hands, in about five minutes.
Do you have any thoughts to share about coronavirus-themed malware? What about coffee? I'm always open to a good coffee discussion. Either way, share in the comments below.