As cyber criminals exploit the coronavirus pandemic with stepped up attacks and enterprises make remote access secure for increasing numbers of teleworkers, IT security professionals are faced with a new set of challenges, Check Point Software Technologies found in a new study.
The security specialist’s survey of some 400 IT and security pros globally turned up the following results:
Coronavirus threats spiking.
- 71% of security professionals reported an increase in security threats or attacks since the beginning of the coronavirus outbreak.
- The leading threat cited was phishing attempts (55%), followed by malicious websites claiming to offer information or advice about the pandemic (32%), and increases in malware (28%) and ransomware (19%).
More security challenges appearing.
- 95% of respondents said they are facing added IT security challenges due to the spread of the coronavirus.
- The three leading challenges were provision of secure remote access for employees (56%), the need for remote access scalable solutions (55%) and employees working from home using untested software, tools and services (47%).
More security concerns rising.
- 61% of respondents were concerned about the security risks of having to make rapid changes to enable remote working.
- 55% believe that remote access security needs improvements.
- 49% are concerned about the need to scale-up endpoint security.
“Cybercriminals will always seek to capitalize on the latest trends to try and boost the success rates of attacks, and the coronavirus pandemic has created a perfect storm of a global news event together with dramatic changes in working practices and the technologies used by organizations,” said Rafi Kretchmer, who heads Check Point’s product marketing. “This has meant a significant increase in the attack surface of many organizations, which is compromising their security postures,” he said.
In an earlier report, Check Point found that Coronavirus-related domains are 50 percent more likely to be malicious than other domains registered since January 2020. The average number of new domains registered in the three weeks from the end of February was almost 10 times more than the average number found in previous weeks. Similarly, hackers have advertised several ‘Coronavirus specials’ on the dark web, with ‘Covid-19’ or ‘coronavirus’ being used as discount codes for sales of out-of-the-box malware, Check Point said.
Threat actors are also targeting mobile devices to capitalize on the coronavirus pandemic. In a separate report, Check Point’s researchers said skilled threat actors are spreading mobile malware, including mobile remote access trojans, banker trojans, and premium dialers, via apps that claim to offer Coronavirus-related information and help for users. Check Point's researchers have discovered 16 different malicious apps, all posing as legitimate coronavirus apps aimed at stealing users’ sensitive information or generating fraudulent revenues from premium-rate services, the vendor said. None of the malicious apps were found on an official app store. More than 51,000 of coronavirus-related domains have been registered since January 2020, Check Point said.
