Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

COVID-19 Cybercrimes: The Stuff of Nightmares

September 16, 2020

ZDNet posted on September 14 a rather horrifying list of COVID-19 cybercrimes, many of them related to working from home.

It was not surprising that the number of unsecured remote desktop machines has risen by more than 40% since the pandemic began. According to Channel Futures citing a Webroot study, there's been over a 40% surge in machines running RDP (remote desktop protocol). The issue with unsecured machines is that criminals can use brute force attacks to gain access to a desktop machine. And then it is child's play to get to the company network.

Cybersecurity firm Kaspersky released a report in April showing a huge jump in RDP (remote desktop protocol) attacks.

It is understandable that a number of remote desktops were deployed quickly when the pandemic started. But when you deploy devices fast and under pressure, mistakes are made. Now we have seen a 400% rise in brute force attacks.

According to Barracuda Networks, the number of phishing scams related to COVID-19 surged 667% in March. Newer data would be nice, but that's a startling rise.

Users are now three times more likely to click on pandemic related phishing emails. Those phishing emails often used words like "COVID" or "coronavirus, "masks", "test", "quarantine" and "vaccine." Even prior to the pandemic, credential theft and phishing were at the heart of more than 67% of breaches according to the Verizon Business 2020 Data Breach Investigations Report.

Tens of thousands of new COVID-19 related domains are being created every day according to ZDNet. 90% of them appear to involve scams.

Bleeping Computer found more than 530,000 Zoom accounts being sold on the dark web – at roughly a penny per login ID.

Zoom's popularity is reflected in the fact that Webroot has seen a 2,000% increase in malicious files containing the string "zoom."

I'd say "sleep well tonight" but this isn't the post for that advice.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson