Check Point reveals cyber security impact of COVID-19

A recent study by Check Point has revealed that 71% of security professionals reported an increase in security threats or attacks since the beginning of the coronavirus outbreak.

The study, conducted for Check Point by Dimensional Research, surveyed 411 IT and security professions, all from organisations with more than 500 employees, and was aimed at examining the severity of impact coronavirus has had on enterprise security.

Phishing attempts were cited as the leading threats by 55% of respondents, followed by malicious Web sites claiming to offer information or advice about the pandemic (32%).

Increases in malware came in at 28% and ransomware at 19%.

According to Check Point, the findings highlight that the rapid changes to enterprise working practices, and broader concerns about the pandemic, are being taken advantage of by bad actors as they ramp up their efforts, creating a slew of new challenges for security practitioners.

According to the study, 95% of respondents said they are facing added IT security issues due to the spread of COVID-19. The top three challenges were revealed as the provision of secure remote access for employees (56%), the need for remote access scalable solutions (55%), and that employees working from home were using shadow IT (47%).

In addition, 61% of respondents were concerned about the security risks of having to make rapid changes to enable remote working. Another 55% felt that remote access security needed improving, and 49% are concerned about the need to scale-up endpoint security.

The survey results also showed that Coronavirus-related domains are 50% more likely to be malicious than other domains registered since January this year, and the average number of new domains registered in the three weeks from the end of February was nearly 10 times more than the average number found in previous weeks.

The security giant also said it detected approximately 2 600 coronavirus-related cyber attacks each day, on average, with a peak of 5 000 on 28 March. More than 30 103 new coronavirus-related domains have been registered in last two weeks alone, 131 of which are malicious, and 2 777 considered suspicious. “Over 51 000 coronavirus-related domains have been registered since the start of the coronavirus pandemic.”

Similarly, Check Point’s researchers have discovered several ‘coronavirus specials’ advertised by hackers through the dark Web, with ‘COVID-19’ or ‘coronavirus’ being used as discount codes for out-of-the-box malware.

Check Point’s regional director for Africa, Pankaj Bhula, said malefactors will always try and capitalise on the latest trends to increase their chances of a successful attack, and the COVID-19 pandemic has caused a ‘perfect storm’ of global catastrophe, combined with significant changes due to working from home, and the technologies needed to do so.

“This has meant a significant increase in the attack surface of many organisations, which is compromising their security postures. To ensure security and business continuity in this rapidly evolving situation, organisations need to protect themselves with a holistic, end-to-end security architecture. This means ensuring accessible and reliable connections between corporate networks and remote devices 24/7, promoting collaboration and productivity between teams, networks and offices, and deploying robust protection against advanced threats and cyber crime techniques at all points on the enterprise network fabric.”

Remote working tool Zoom has also come under the spotlight, as many organisations rely on it to facilitate their workforce working from home. 

Check Point has noted a spike in the number of “Zoom” domains registered and has uncovered malicious “Zoom” files targeting remote workers. The company documented 1 700 new “Zoom” domains registered since the advent of the pandemic, 25% of which were registered over the last week, and has deemed 70 domains as suspicious.

Compounding the problem, in January this year, the company published a report showing that Zoom contains a security bug. The research illustrated how a hacker could eavesdrop into Zoom calls by generating and guessing random numbers allocated to Zoom conference URLs. Zoom was subsequently forced to fix the security breach and change some of its security features, including mandating scheduled meetings to automatically be protected by a password.

According to Check Point, there are several steps businesses can do to stay safe. 

Firstly, it advises taking a practical approach to securing remote workers by installing VPN software and endpoint threat prevention. 

Next, it says to educate employees about the risks of spam and phishing e-mails. 

Finally, the company advises learning to identify fake Web sites and better understanding how fake Web sites are used to trick users into sharing their private information.