COVID cybercrime: 10 disturbing statistics to keep you awake tonight

Nine out of 10 coronavirus domains are scams. Half a million Zoom accounts are for sale on the Dark Web. Brute-force attacks are up 400%. And there's more. So much more.
Written by David Gewirtz, Senior Contributing Editor on

On Tuesday, I'll be joining CBS Interactive's Michael Steinhart and Netenrich's Brandon Hoffman in what promises to be a fascinating webcast about attack surface intelligence. While preparing for my part of the session, I came upon a bunch of unsettling statistics about how cybercrime and cyberattacks have gotten worse since the beginning of the COVID-19 pandemic.

Join me:

And since we can't be in the same room together anymore, I figured the next most neighborly thing I could do is share the pain. So let's dive in together. You might want to take a few Tums before you do. Your stomach acid level will thank me.

1. The number of unsecured remote desktop machines rose by more than 40%

As you might expect with so many new remote workers, there's been a huge surge in the number of remote desktop connections from home to work (or the cloud). According to Channel Futures citing a Webroot study, there's been over a 40% surge in machines running RDP (remote desktop protocol).

The issue with unsecured machines is that criminals can use brute force attacks to gain access to a desktop machine. And once on the network with a desktop machine... badness happens.

2. RDP brute-force attacks grew 400% in March and April alone

According to Catalin Cimpanu here on ZDNet, cybersecurity firm Kaspersky released a report in April showing a huge jump in RDP (remote desktop protocol) attacks.

All these new remote desktop connections create a target-rich environment. But here's the thing: What happens when you rush to spin up a ton of services almost overnight? Mistakes are made. That's one reason why so many remote desktops are not secure.

And what happens when you have unsecured systems? A 400% boost in brute-force attacks. Yay, humanity!

3. Email scams related to COVID-19 surged 667% in March alone

According to Barracuda Networks, the number of phishing scams related to COVID-19 exploded in March. It probably continued in April and beyond, but we only have March data right now.

These scams work the same as normal phishing scams, trying to separate users from credentials. The only difference is that the emails are using the pandemic to try to push a new set of psychological hot buttons.

Because of so much rushed digital transformation, people are now accepting emails that might not look as formal or professional as before pandemic. And they click on those messages or log into those real-looking sites.

4. Users are now three times more likely to click on pandemic-related phishing scams

Let's add a bonus statistic, courtesy of the Verizon Business 2020 Data Breach Investigations Report. Even prior to the pandemic, credential theft and phishing were at the heart of more than 67% of breaches.

In a test performed in late March, researchers found that users are three times more likely to click on a phishing link and then enter their credentials than they were pre-COVID. Of course, it doesn't hurt that those phishing emails often used words like "COVID" or "coronavirus, "masks", "test", "quarantine" and "vaccine."

5. Billions of COVID-19 pages on the Internet

About three weeks ago, I did a Google search on the phrase "COVID-19" and got 6.1 million search results. Today, the same query yielded 4.8 billion results. Clearly, it's a topic on top-of-mind for many of us. It's also top-of-mind for scammers, because...

6. Tens of thousands of new coronavirus-related domains are being created daily

ZDNet has been tracking the rise in coronavirus-themed domains and has found that tens of thousands of new unique coronavirus-themed domains are being created on a daily basis.

7. 90% of newly created coronavirus domains are scammy

How many of these sites are legitimate? According to the same ZDNet research performed by Catalin, "in nine out of ten cases, we found a scam site peddling fake cures, or private sites, most likely used for malware distribution only to users with a specific referral header."

8. More than 530,000 Zoom accounts sold on dark web

Just as there has been a rise in remote work and remote desktop, there has been an unprecedented rise in desktop video conferencing, mostly using Zoom. While Zoom has had some security issues, and we've seen the rise of a new practice called "Zoom bombing," the site Bleeping Computer reports it found more than half a million Zoom credentials for sale - at roughly a penny a login ID.

9. 2000% increase in malicious files with "zoom" in name

And while we're on the topic of Zoom, Webroot (via Channel Futures) reports that it's seeing a 2,000% rise in malicious files containing the string "zoom." Just for the heck of it, I typed the word "zoom" into Google and got 1.9 billion results. To be fair, zoom is a real word. That said, the Google Trends chart below shows how there was barely any interest in "zoom" until around March when "zoom" interest zoomed into the stratosphere.

Google Trends

10. COVID-19 drives 72% to 105% ransomware spike

According to the Skybox Security 2020 Vulnerability and Threat Trends Report, ransomware samples (captured malicious files and code) have shot up 72% since the beginning of the pandemic. If you want even more worrisome numbers, look no further than SonicWall's 2020 Cyberthreat report, which sees a 105% spike.

The samples are not necessarily coronavirus-related, but it's a huge jump in a very short period of time that corresponds with our current troubles. That said, the SonicWall report indicates, "While it's impossible to determine causation, a strong correlation can be found in the ransomware graph and the patterns of COVID-19 infections." Because, of course it can.

The biggest hacks, data breaches of 2020 (so far)

But wait, there's more

Although these items didn't fit nicely into little statistics, we've noticed more coronavirus-related scams and problems, including ransomware on fake contact tracing apps, COVID-19 malware that will wipe your PC and blast your master boot record, and the totally unsurprising story that the Russians are meddling with western scientific coronavirus vaccine research. You know what they say: Putins will be Putins.

Stay tuned to ZDNet's Zero Day column for ongoing coverage of security threat issues. And feel free to join me tomorrow, September 15 in Get ahead of an attack: What weaknesses do hackers see in your network? at 2:00 pm ET / 11:00 am PT / 18:00 GMT. It's free and should be quite informative.

I'd like to end this on an upbeat note and tell you something positive about malware trends or even the coronavirus. Since I can't, I'll just tell you something personally uplifting: there's still time tonight for me to have another cup of coffee. It's not big, but these days, we've got to acknowledge and embrace the small pleasures. Mine will be another hot cup 'o Joe warming my cozy hands, in about five minutes.

Do you have any thoughts to share about coronavirus-themed malware? What about coffee? I'm always open to a good coffee discussion. Either way, share in the comments below.

You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

Editorial standards