Researchers have discovered tens of thousands of malicious websites taking advantage of the ongoing coronavirus pandemic, according to ZDNet (opens in new tab), which today reported that thousands of similar websites are being created every day.
The report said that cybersecurity software vendor RiskIQ began tracking COVID-19-related domains on March 15 and found 13,500 suspicious domains. On March 16, it found more than 35,000 more domains, and on March 17 it discovered over 17,000. More were probably created today.
- Can you get coronavirus from a package (opens in new tab)?
- Coronavirus tech show cancellations (opens in new tab): The latest
- Breaking: Nvidia GeForce Now membership selling out (opens in new tab)amid coronavirus outbreak
RiskIQ also said (opens in new tab)yesterday that it found many spam emails related to the outbreak:
"RiskIQ analyzed its spam box feed for the time period of 03/13/2020-03/16/2020. During this four-day period, RiskIQ analyzed 437,887 spam emails containing either “*corona*” or “*covid*” in the subject line. There were 54,847 unique subject lines observed during the reporting period. The spam emails originated from 32,535 unique sending email addresses and 44,165 unique SMTP IP Addresses. Analysts identified 536 emails, which sent an executable file for Windows machines."
Law enforcement agencies have started to warn people about these efforts as well. The UK National Cyber Security Centre revealed (opens in new tab) COVID-19-related phishing attacks on March 16, and on March 17, the FBI warned Americans about malicious websites.
"Be wary of malicious websites and apps pretending to track #COVID19 cases worldwide. Criminals are using malicious websites and apps to infect and lock devices until payment is received. Report scams and attempted scams at http://ic3.gov (opens in new tab)," an FBI tweet (opens in new tab)yesterday.
This problem isn't going to go away any time soon. Spammers almost immediately started to take advantage of the viral outbreak--we heard about the first campaign based on COVID-19 (opens in new tab) in January--and other malware distributors quickly followed suit (opens in new tab).