Last Updated: May 21, 2021
The world at large has felt the impact of the COVID-19 pandemic. It has taken its toll on businesses, organizations, and individuals alike. As we await a vaccine or cure, some groups of hackers are taking advantage of the current situation to launch COVID-19 cyber attacks.
Several reports have surfaced in the past few months from private and government-owned online security organizations indicating a tremendous rise in COVID-19 related cyber attacks.
In light of these, our goal is to keep you abreast of such COVID-19 cyberattacks. Also, this article will introduce you to tips that can help keep yourself or your organization safe from these attacks.
Eye-Opening COVID-19 Cyber Attack Statistics and Facts
The following stats shed light on the severity of the recent rise in coronavirus cyber attacks.
- Cyber attacks have spiked up to 400% since the COVID-19 pandemic.
- Since this pandemic started, Google has been blocking an average of 18 million phishing emails and malware related to COVID-19 daily.
- COVID-19 related spam has increased by 6,000% since the start of the pandemic.
- Gmail is blocking a total of 100 million phishing emails daily.
- As of March 2020, COVID-19 related spear-phishing attacks have increased by 667% for the year.
- Sophisticated based phishing attacks are on the rise.
- COVID-19 related phone scams are also on the rise.
Let’s get into deeper details about these cyber attacks.
COVID-19 Related Cyber Attack Statistics
COVID-19 attacks have become persistent in recent times, with an increasing number of hackers using this pandemic to their advantage. The following COVID-19 cyberattacks statistics show exactly what they’ve been up to:
1. Cyber attacks have spiked up to 400% since the COVID-19 pandemic.
(Source: MSSP Alert)
Cybersecurity officials worldwide are reportedly experiencing a 4x increase in daily cyber threats since the start of the pandemic. According to experts, this increase in current cyber attacks is because a lot of people now have to work from home. This shift from the office to the home presents certain challenges and loopholes which hackers are exploiting. A good example is not being able to utilize the corporate antivirus software that helps scan files and links for malware.
2. Every day since the pandemic started, Google has been blocking an average of 18 million phishing and malware emails related to COVID-19.
(Source: Security Boulevard)
Initially, an average of 18 million phishing and malware emails were detected in a week. But ongoing cyber attacks show that hackers are leveraging the widespread fear caused by the coronavirus outbreak to lure victims into downloading malware-infected files conveying COVID-19 messages. Most of these phishing emails impersonate authoritative government organizations like the CDC and the WHO.
3. COVID-19 related spam has increased by 6,000% since the start of the pandemic.
(Source: Security Intelligence)
COVID-19 statistics reveal that many businesses have shifted to remote work. However, switching to a new working policy provides new opportunities for hackers to exploit. According to reports, malicious domain registrations, email spamming, and malware and ransomware attacks have all skyrocketed.
4. Gmail is reportedly receiving 240 million daily spam messages since the start of the pandemic.
(Source: Web Arx Security)
This is aside from the 18 million phishing and malware emails related to the COVID-19, mentioned earlier.
5. Gmail is blocking a total of 100 million phishing emails daily.
(Source: Web Arx Security)
As it turns out, COVID-19 related phishing emails are not the only type of cyber attacks happening now or being intercepted by Google’s cybersecurity team this period. Other forms of phishing emails abound, and the 18 million COVID-19 related phishing emails and malware pushes the total number of phishing emails intercepted by Google daily to 100 million.
6. As of March 2020, COVID-19 related spear-phishing email attacks have increased by 667% for the year.
(Source: Security Magazine)
In March 2020 there were 467,825 spear-phishing emails detected, of which 9,116 were COVID-19 related.
There’s definitely an increase in such scams. Just compare the numbers of recent cyber attacks and those in January (137) and February (1,188).
7. The FBI complaint center for internet crime has reportedly received over 3,600 COVID-19 related scam complaints.
As of March 2020, this figure was pegged at just 1200. However, within a month, it spiked above 3,000. The majority of these complaints revolve around malicious COVID-19 cyber attack websites that advertise either fake charity donations for vulnerable citizens or fake cure/vaccines. However, the ultimate aim is to distribute malware or steal sensitive information from victims.
8. Sophisticated based phishing attacks are on the rise.
(Source: Security Boulevard)
Hackers create these sophisticated cyber attacks to bypass existing defenses. These attacks leverage mostly emails, trusted SaaS services used by some of these enterprises, and PDF attachments to distribute their malware. They’re already giving results.
9. COVID-19 related phone scams are also on the rise.
Criminals worldwide are posing as the CDC (Center for Disease Control and Prevention) when calling citizens. They are extorting money from people in the name of donations to the CDC, or extract sensitive information for cybercrime activities.
10. Cyber attacks through COVID-19 related WordPress plugins and themes are on the rise.
(Source: Web Arx Security)
The WP-VCD malware has existed for years, and its source code was created to target WordPress plugins and themes. More recent cyber attack statistics show that since the start of this pandemic, the WP-VCD malware has been redesigned to focus majorly on COVID-19 related plugins that help websites show real-time coronavirus statistics. This subsequently allows hackers to infiltrate any website with such a plugin.
11. Fake registered coronavirus domains are on the rise.
(Source: Web Arx Security)
Some of the most recent malware attacks have come from malicious domains registered as healthcare organizations to lure victims into disclosing sensitive details, like working email and password. Those who fall victim become targets to potential fraud attacks.
12. Phishing attacks telling victims that they are exposed to the coronavirus are on the rise.
(Source: Bleeping Computer)
The aim is to get users to click on a protected attachment that supposedly has their information because they have recently come in contact with a coronavirus case. That way, hackers can steal vital information. This information includes but is not limited to web browser cookies, username and passwords, cryptocurrency wallet information, bank information, and many more.
13. Phishing websites alone have increased by 350% since the start of this pandemic.
(Source: Atlas VPN)
Google reports a total of 522,495 phishing websites as of March 2020. That is a 350% increase from the 149,195 active phishing websites discovered in January 2020.
14. Between March 9th and 23rd, over 300,000 coronavirus keyword-related websites were created.
(Source: Risk IQ)
Hackers are feasting on people’s craving for information on the COVID-19 pandemic. Recent COVID-19 stats reveal that in the past month, thousands of coronavirus related websites were created with the sole aim of stealing sensitive information. These days, there is a high possibility of encountering a malicious website if you look up information about COVID-19 on Google.
15. Banks have experienced a 238% increase in cyberattacks since the start of the pandemic.
(Source: Risk IQ)
Governments all over the globe are spending billions of dollars trying to cushion the effect of the pandemic on its citizens. Most of these funds are being transferred through banks to individuals, making both the banks and citizens’ personal electronic devices prime targets for hackers.
16. 46% of businesses that have started working remotely during this pandemic have experienced at least one form of a cybersecurity attack.
(Source: Risk IQ)
Worldwide cyber attacks have increased as more than 41% of businesses around the world are cutting down on cybersecurity budgets in a bid to survive the financial pressures caused by COVID-19. However, the negative effect of such a move gives hackers room to operate freely with less hindrance.
17. The average amount demanded for ransomware attacks since the start of the pandemic has increased by 33%.
(Source: Risk IQ)
The amount demanded by hackers as a ransom for any successful attack during the pandemic is $111,605, on average, for larger organizations. Smaller organizations pay up to $44,021.
18. Ransomware attacks have reportedly increased by 148% during the pandemic.
(Source: CSO Online)
COVID-19 related cyber attacks are on the rise, and the health sector happens to be the most targeted by these attackers. The coronavirus pandemic has placed the health sector on overdrive. Research data and lab reports are some of the critical files transferred across various health and research centers. Any successful ransomware attack can potentially destroy lives by halting the activities of affected treatment and research centers.
List of Major COVID-19 Cyber Attacks
Now it’s time to introduce you to some major COVID-19 cyberattacks that have taken place globally during the current pandemic.
19. Hackers are weaponizing COVID-19 in the form of phishing emails and malware worldwide.
(Source: LL Stager)
These malware would typically appear as a COVID-19 themed message, thus leveraging the increased thirst for COVID-19 related information by the public. Such a move aims to get unsuspecting victims to click on a malware disguised as a relevant attachment. This malware steals vital information such as bank details, passwords, system or network information, cryptocurrency wallet information, or even WiFi passwords. The malware used for these attacks ranges from common attack vectors to more complicated ones.
20. Netherlands’s National Institute for Public Health and the Environment (RIVM) was impersonated in a COVID-19 related scam.
(Source: Risk IQ)
Hackers were supposedly sending malicious links to people using the [NL-Alert] tag, which the Netherland government uses to disburse information or communicate to its citizens during a crisis. Such a message creates panic and urgency at the same time, thus increasing the likelihood of having a high open-rate.
21. Hackers impersonating the WHO Chief through phishing emails to healthcare workers.
(Source: Beckers Hospital Review)
Recent COVID-19 cyber threats reveal that hospital workers are receiving spoofed emails that appear like they come from the director of the World Health Organization (WHO). These hackers are sending out personalized messages that directly call out the username of these health workers, asking them to open up the attachment on the email for important information from the director of the WHO.
Unknown to the victims, these attachments are info-stealers that can spread into a computer system to steal vital credentials and information. One of the primary reasons hackers target healthcare workers is to gain access to computers from major COVID-19 research and testing centers. As such, they can thwart crucial ongoing operations and demand for ransom afterward.
22. Hackers impersonating the World Health Organization by sending out phishing emails that supposedly contain an eBook with vital information about the coronavirus.
(Source: Malware Bytes)
Such spam emails claim that the attached eBook contains content about in-depth research on the coronavirus that will help the public stay safe and healthy, and also protect their children and businesses. The message body even reveals a few teasers that are supposedly contained in the content of the attachment. This builds curiosity further and increases the chances of victims downloading this eBook.
Given the growing fear among the public, these emails are getting high click-through rates all around the globe. Victims that get to download the attached extension unknowingly grant access to malware to infiltrate their computer system and possibly steal any valuable information.
The World Health Organization (WHO) has admonished the public to stay vigilant to such attacks and look out for red flags, even though security organizations are doing their best to block millions of these attacks daily.
23. Food delivery service in Germany under DDoS cyber attack.
(Source: Bleeping Computer)
Since the start of this pandemic, more people have found themselves at home. Businesses are down, and movement is restricted, but people still need to eat. For that reason, food delivery services have been on the rise. Hackers are launching COVID-19 cyber attacks that are threatening both food delivery business owners and the public.
More recently, in Germany, a notable food delivery service (lieferando.de) that boasts of food delivery from over 15,000 German restaurants was under a Distributed Denial of Service (DDoS) attack. It caused its website to shut down and stop the intake of orders. The perpetrators of this attack demanded two bitcoins (worth over $11,000 at the time) as ransom.
24. Czech Brno Hospital’s tech wing shut down on March 12 and 13 due to a cyber attack from hackers.
(Source: Healthcare IT News)
Hackers recently sent a coronavirus cyber attack to one of the most significant COVID-19 testing facilities (Brno University Hospital) in the Czech Republic. The attack caused the hospital’s operations to shut down as all tech gadgets were not functioning, and operations could no longer continue. New patients had to be relocated to other health centers for proper treatment.
This attack also affected two other branches of the Brno University Hospital, but no one is sure about how much damage the COVID-19 testing laboratories in the facility encountered.
25. Fake items on sale on the internet using the COVID-19 discount code.
(Source: The Next Web)
Since the start of the pandemic, the government and many other privately owned businesses have been providing customers with discounted products to help cushion the effect of reduced earnings. However, the latest malware threats statistics reveal that cybercriminals are taking advantage of the situation by also offering discounted prices for various online tools.
The difference here is that the tools these hackers are claiming to sell are links to a malware that will infiltrate the system of any victim that tries to make the purchase.
Having been educated on the severity of these attacks and how ambitious these hackers can be, you must learn ways to protect yourself or your business. Some of these hackers don’t care and will exploit almost anyone despite the pandemic. We have detailed steps on how to keep yourself and your organization safe.
How Can You and Your Business Stay Safe From COVID-19 Cyber Attacks?
Let’s look into ways of protecting ourselves from these ravaging coronavirus cyber attacks.
1. Make use of strong passwords for your online accounts.
Passwords are like your gateway to the online world. Almost anything you wish to do online today requires you to have a password. That is why cybercriminals will never stop stealing passwords.
Did you know that 477,807 passwords are stolen on the internet daily?
The average internet user has up to 100 online accounts linked to one email, all of which require a password. It can be quite tricky, if not impossible, for one user to remember 100 passwords. Most people opt to use just one password for all accounts.
You’re vulnerable to cyber attacks if you are using:
- One password for several accounts
- Your name, a spouse’s, or a relative’s as a password
- Sequential keyboard patterns like 12345
- Common words and short phrases.
To create a secure password, you need to avoid the aforementioned risk factors. Instead, combine letters with upper and lower cases, use symbols, add numbers, and make it long.
If the tips given are looking somewhat challenging to implement, then you might want to make use of a password manager. Password managers can help you create sophisticated passwords that are difficult to hack and easy for you to access as the owner. Plus, they help you store all your passwords in an encrypted format that makes it almost impossible for hackers to crack.
2. Watch out for spam emails.
Spam messages are one of the most common means that hackers use to lure their victims. It has existed for years. Statistics show that the average user receives 16 million malicious emails in a month, most of which come with malware disguised as an important file.
The COVID-19 phishing emails are no different than spam messages – they are only rebranded to convey coronavirus-related. These attachments contain malware that can either render your computer useless in exchange for a ransom or steal sensitive data from your computer.
For your safety, do not open or download any attachment from an unknown source or sender. If you wish to know more about how to spot a phishing email, we have just the right guide for you.
3. Install antivirus software.
Millions of malware and many other tools used by cyber attackers are circulating the web daily. An antivirus software helps to keep your computer secured and free from an unauthorized entry that may cause harm to your operating system.
These antivirus solutions can detect real-time threats that seek to gain unauthorized access to your computer. Plus, they can be easily updated to keep you safe from the millions of malware that hackers create daily.
Because we know how vital antivirus can be to your online safety, we have gone the extra mile to curate the best antivirus suites in the market.
4. Make use of a VPN as an extra layer of security.
A VPN (Virtual Private Network) gives you anonymity on the web, meaning you can access the internet through a different server without exposing your current location. You may be surfing the internet from the US, and have the VPN portray your IP (Internet Protocol) address as if coming from France. That way, you can access online content restricted to French servers alone.
Not only does a VPN give you anonymity over the internet, but it also encrypts your information on the web. As such, cybercriminals are unable to access them easily in case of a hacking or cyber attack attempt. We understand how vital a VPN can be to your online safety and have taken our time to search for the best VPN services in the market and put them in one place for your convenience.
5. Your operating system and security software should be updated as often as possible.
Cybercriminals are creating millions of malware daily, all of which are on the lookout for loopholes to exploit. Outdated software can barely keep up with the constant influx of new cyber attack threats. Hence, you need to keep your software updated to the most recent version from your software provider to help secure your device from new threats all the time.
6. Activate two-factor authentication where possible.
Two-factor authentication, also known as 2FA, is a security process that allows your service provider to place you on alert via text message or email anytime someone is trying to gain access to your account. In a case where a hacker gets a hold of one of your login details to a particular website and is trying to log into the account, you get notified via SMS or email to verify the login attempt via a code. If you do not approve the login attempt by providing this code, the hacker will be denied access, and your account remains secure. This also serves a double function of alerting you that your account details are compromised. As such, you can take a further step by changing your password for such an account.
The COVID-19 situation is a delicate one. It has taken hold of the lives of millions globally. Yet, in the midst of it all, cyber attackers are taking advantage of the situation to exploit government organizations, individuals, and businesses by launching COVID-19 cyber attacks.
As if we need any more problems!
However, the good news is that with adequate procedures in place, one can successfully avoid these constant attacks. Use our advice, stay home, and stay safe!