Trend analysis: COVID and coronavirus themed web and email traffic
Published in The Saudi Gazette on 25 - 04 - 2020

Forcepoint X-Labs is the custodian of threat and behavioral intelligence at Forcepoint. In analysing anonymized recent web and email traffic we have observed interesting trends generated by our global customer base.
This analysis focussed on traffic relating to the keywords "Corona" and "COVID." We share our observations below to show how the behavior of cybercriminals and of your own people has changed in response to the situation in which we all now find ourselves.
Methodology
• Web and email traffic processed by our Cloud Web Security and Cloud Email Security products was analysed to surface trends of the last 3 months (19 January 2020 to 18 April 2020 inclusive).
• We sought the keywords COVID and Corona in URLs accessed directly over the Web or embedded within an email.
• The analysis was applied to a global dataset of Forcepoint customers.
• Data was anonymized (counts only, no attribution) to protect the privacy of our customers as per our approach to "Privacy-by-Design."
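The counting approach in the methodology above, sketched as an added example that is not Forcepoint's code: it extracts embedded URLs from message bodies, matches the two keywords, and keeps only per-day counts by verdict. The record layout, sample messages and function names are constructed assumptions; the verdict labels are the "clean," "virus" and "spam" dispositions used in this article.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

KEYWORDS = ("covid", "corona")  # the two keywords named in the methodology
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample records (date, verdict, sender, body); not real traffic.
SAMPLE = [
    ("2020-03-16", "clean", "hr@corp.example",
     "Policy: https://intranet.example/covid-19/remote-work"),
    ("2020-03-16", "spam", "a@bulk.example",
     "Masks! http://corona-shop.example/buy?id=1 http://corona-shop.example/buy?id=2"),
    ("2020-03-16", "spam", "b@bulk.example", "Watches http://deals.example/watch"),
    ("2020-03-23", "virus", "c@mal.example", "Map: HTTP://COVID-tracker.example/map.exe"),
    ("2020-03-23", "clean", "d@corp.example", "No links, just the word corona."),
]

def themed_urls(text):
    """Return URLs in text whose host, path or query contains a keyword.

    Substring matching is deliberately broad (it also hits names such as
    'coronado'), so a match says nothing about whether the URL is malicious.
    """
    hits = []
    for raw in URL_RE.findall(text):
        parts = urlsplit(raw.rstrip(".,;"))
        haystack = f"{parts.hostname or ''}{parts.path}?{parts.query}".lower()
        if any(k in haystack for k in KEYWORDS):
            hits.append(raw)
    return hits

def daily_counts(records):
    """Count themed messages per (date, verdict); sender and URLs are discarded."""
    counts = Counter()
    for date, verdict, _sender, body in records:
        if themed_urls(body):  # one count per message, not per URL
            counts[(date, verdict)] += 1
    return counts

def pct_change(before, after):
    """Percentage change between two daily counts; None when the base is zero."""
    return None if before == 0 else (after - before) / before * 100.0

if __name__ == "__main__":
    for key, n in sorted(daily_counts(SAMPLE).items()):
        print(key, n)
```

The verdict column comes from the security product, not from the keyword match; the keyword only selects which messages are counted.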
Highlights
• The analysis shows that cyber criminals are opportunists seeking to piggyback on the public's interest in COVID-19 and Coronavirus, as described in our March 2020 blog.
• Brand new COVID and Coronavirus-themed websites have been registered and activated for both legitimate and illegitimate means.
• Employees' interest in COVID and Coronavirus-themed websites peaked in mid-March, correlating with the enactment of "lockdown" measures by governments around the world.
• We saw a rise in unwanted emails (malicious, spam or phishing) containing embedded URLs using the keywords COVID or Corona, from negligible values in January 2020 to over half a million blocked per day from the end of March onwards.
• Note the dip in activity at weekends as is usual with active spam campaigns.
• An email security solution is an effective "first line of defence" against so-called blended threats (emails containing an embedded URL).
Website traffic
Categorization of web traffic was achieved by our Cloud Web Security solution.
Observation 1 – Legitimate web traffic
From mid-January (the start of this reporting period) through to the end of February a steady undercurrent of browsing requests to legitimate COVID or Coronavirus-themed URLs was apparent. These requests relate to so-called COVID-19 tracking sites (sites set up specifically to share data points related to the pandemic) and news websites. During the first two weeks of March 2020 a significant rise (5 million+ categorisations) was observed that may correlate with the onset of lockdown procedures enacted by global governments and a move to remote working. A steady decline in activity was observed for the following three weeks, possibly relating to so-called "news fatigue" and gradual understanding of the "new normal." Interest peaked again last week.
Observation 2 – Malicious web traffic
The chart below shows a steady increase in the number of COVID or Coronavirus-themed URLs categorized by Forcepoint as malicious from March 9 to the present date, with two spikes. As explained in the Highlights above, cybercriminals have seen value in generating relevant-looking, albeit nefarious, domains to encourage people to click on links in emails or in search results.
Observation 3 – Newly registered domains
Employees browsed to COVID or Coronavirus-themed domains that were Newly Registered only several hundred times per day for the duration of the three month period. Such domains included so-called COVID trackers and newly registered news websites. Spikes in browsing activity to such domains occurred at multiple times in March. One example of such a spike can be explained by interest in a legitimate Indian COVID-19 tracking site that correlated with an order prescribing lockdown in the country.
Email traffic
Emails were classified as "clean," "virus" or "spam" by our Cloud Email Security solution; this is the disposition our customers will see in the product's dashboard. During peak volumes, we identified 1.5 million total COVID-related emails per day.
Observation 4 – legitimate email traffic
Employees at organizations around the globe have been sharing, and are in receipt of, legitimate emails containing COVID or Coronavirus-themed embedded URLs. Interest in such content began to noticeably rise in mid-March hitting one million legitimate emails per day across our systems. Interest remains phenomenally high since that point in time.
Observation 5 – spam emails
Spam emails containing COVID or Coronavirus-themed embedded URLs during January and February 2020 were observed in the tens of thousands per day. Scammers ramped up activity in mid-March as they made adjustments to existing spambots. Over half a million scams per day were blocked by Forcepoint X-Labs from mid-March onwards. Notice the decline in such sends during the Easter and Passover period.
Observation 6 – malicious email traffic
Traditionally, the number of malicious emails seen per day through Forcepoint Cloud Email Security solutions is orders of magnitude lower than the number of observed spam emails. The same can be said of COVID and Coronavirus-themed malicious emails. Up until the week of March 16 the number of malicious emails containing embedded COVID and Coronavirus-themed URLs had not increased for the previous eight weeks. The week of March 23 saw the largest increase (358%) of such emails compared with the final working day of the previous week. The first week of April saw a significant decline but the number of malicious emails has increased ever since.
What other active mitigation methods are being deployed by Forcepoint X-Labs?
• Forcepoint X-Labs consumes third-party feeds that cover new malware. We are adopting our usual approaches to validate and ingest those feeds as we see an uptick in COVID-specific malware now included in those feeds.
• We are subscribed to the COVID19 Cyber Threat Coalition. This feed has recently been set up by the security industry to share threat telemetry across the community.
• We are working closely with our customers to increase coverage and understand novel ways that malware authors are operating with COVID and Coronavirus-themed attacks.
• Forcepoint X-Labs operates a 24/7 team that monitors our detection and adds new detection rules as appropriate.
• Indicators and trends gained from one product are used to enhance protection across the range of Forcepoint products, including behavioral analytics.
Conclusion
Cybercriminals have adapted to exploit the public's interest in COVID-19 and Coronavirus. This should not come as a surprise to defenders of global organisations as we see this modus operandi on a daily basis. The email and web attack vectors remain key components in a cybercriminal's arsenal. In response to global events we have also seen changes in the behavior of employees within organisations around the world as they respond to mandates set by government or their own employers. — SG

