At the request of our customers, March 9th, RiskIQ’s team of trained intelligence analysts began compiling disparate data and intelligence related to COVID-19 into comprehensive daily reports. Each report combines major updates around COVID-19 and its impacts on cities, neighborhoods, schools, and businesses as well as other essential data that helps raise the situational awareness of both physical and cybersecurity teams.
This intelligence will help inform the decisions of security teams, who face new requirements during these unprecedented times. Here, RiskIQ strives to provide the security community with a single source of factual reporting and informed analysis to help the security community discover unknowns about their environment and investigate threats.
3/17/20 Digital Exploitation Highlights
- FBI issues public alert for malicious websites and apps, deception involving #COVID19 cases
- Alert comes one day after a cyber-attack on the US Department of Health and Human Services
- Large internet companies issue joint statement aimed to curb misinformation on #COVID19, group includes Facebook, LinkedIn, Google, Microsoft, YouTube, and Twitter among others
- Cybercriminals exploit #COVID19 uncertainty, launch new attacks with trojan and phishing techniques
RiskIQ’s External Threats platform identified 31 URLs that appear to be malicious. The platform discovered these URLs by cross-indexing automated searches of the keywords “COVID-19” and “Coronavirus” with malware and phishing detection tools.
COVID-19 Email Spam Statistics
RiskIQ analyzed its spam box feed for the time period of 03/13/2020-03/16/2020. During this four-day period, RiskIQ analyzed 437,887 spam emails containing either “*corona*” or “*covid*” in the subject line. There were 54,847 unique subject lines observed during the reporting period. The spam emails originated from 32,535 unique sending email addresses and 44,165 unique SMTP IP Addresses. Analysts identified 536 emails, which sent an executable file for Windows machines.