Dear Colleagues,
Cybercriminals continue to heavily exploit the COVID-19 pandemic for financial gain.
Since the end of February, Check Point security researchers have observed a massive uptick in the registration of coronavirus-related domains, with the average number of newly registered domains increasing to almost 10 times the average weekly volume. According to Check Point:
- Approximately 0.8% of the analyzed domains are actively malicious (93 websites)
- 19% are suspicious (2,200+ websites)
- More than 6,000 new “COVID”-affiliated domains have been registered this week
- An 85% increase compared to the week before
Attackers are also using the pandemic to promote their businesses:
- Coupons or promotional codes such as “Coronavirus” codes or “CoronaVirus Discount! 10% off ALL products”
- A hacking group named “SSHacker” is offering Facebook account hacking services with a 15% discount with promotional code “COVID-19” on DeepDotMarket.
Threat-intelligence company Recorded Future states that as countries attempt to contain the spread of the coronavirus infection, cybercriminals will continue to extensively exploit the pandemic. As always, continue to watch for malicious emails and do not open suspicious links or attachments. Report any suspected incidents to your supervisor and HQ IT support (800-250-7911). You can also report incidents via email: itsupport@hq.dhs.gov or DHSspam@hq.dhs.gov
For more information, the following sites are recommended: The Hacker News & Check Point
Beth Cappello
Acting Chief Information Officer
Department of Homeland Security