Following the news that Hackers ‘manipulated’ stolen COVID-19 vaccine data before leaking it online, Webroot, a market leader in cyber resilience, has released new statistics demonstrating how far cybercriminals are prepared to leverage the pandemic to their advantage.
In the month following the first UK/global Pfizer vaccine dose was given to 90-year-old Margaret Keenan, Webroot’s Real-Time Anti-Phishing protection system found a rise in malicious URLs and terms to target vulnerable people, using subjects like the vaccine, COVID Cures and travel to compel them to click on malicious links and open illegitimate emails. This includes:
- Over 4,500 new suspicious domains found, which contained a combination of words relating to ‘COVID-19,’ ‘Corona,’ ‘Vaccine,’ ‘Cure COVID’ and more
- 934 domains specifically included the word ‘Vaccine’ within the title
- 611 domains contained a miss-spelling of the word ‘Vaccine’
- 2,295 contained ‘COVID’ in the title
- 622 domains contained the words ‘Test’ or ‘Testing’ in their title
- Domain titles were extremely concerning, including titles such as: ‘COVID Validator,’ ‘Testing Update,’ ‘COVID Travelcard,’ ‘Private Vaccine,’ among others.
The total use of the word ‘vaccine’ found within suspicious domain names between the 8th December and 6th January was cited as a 336% increase when compared with the month of March 2020. Webroot also observed that there was an 94.8% increase during the 8th December to 6th January time period, when compared with the previous 30 days leading up to this first date.
<p style=\"font-weight: 400;\">As 2021 brings the first mass vaccination programs to fight COVID-19, we’re already seeing cybercriminals exploiting the publicity and anticipation surrounding these to target businesses and consumers in phishing and domain spoofing attacks.</p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">Scams using keywords based on emotive subjects concerning medical safety and the pandemic are always going to be more effective, especially when they’re in the public interest.</p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">Remote work has forced many employees to use personal devices for business-related activities, which presents unique security concerns. With a higher prevalence of malware and generally fewer security defences in place, it’s easier for malware to slip into the corporate network via an employee’s personal device. For businesses, better security systems and training are key for protection, along with backing up data.</p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">For individuals, defending against these kinds of attacks should involve security awareness training and remaining vigilant in scrutinising the types of emails they receive. This should also be underpinned by cybersecurity technology such as email filtering, anti-virus protection, and strong password policies.</p>