While we struggle to contain the outbreak of the coronavirus worldwide, its impact is spreading rapidly across the globe. Countries are shutting their borders and imposing isolation on cities and states, businesses are scaling back their operations, the entertainment world is going into hibernation and retailers worldwide are closing their doors.

And of course, when the real economy falters, the underground economy springs into action. Hackers around the globe are taking advantage of the Covid-19 outbreak by accelerating their activities to spread their own infections.

Outbreak of Coronavirus-related domains

In a previous report, we’ve seen that Coronavirus-related domains are 50% more likely to be malicious than other domains registered during the same period, and also higher than recent seasonal themes.

Since the beginning of January, during the period where initial outbreaks were being reported, over 16,000 new coronavirus-related domains were registered.

In the past three weeks alone (since the end of February 2020), we have noticed a huge increase in the number of domains registered – the average number of new domains is almost 10 times more than the average number found in previous weeks. 0.8% of these domains were found to be malicious (93 websites), and another 19% were found to be suspicious (more than 2,200 websites).

In the last week, more than 6,000 new domains were registered – a 85% increase compared to the week before.

Immediately following the news of the Covid-19 outbreak, cyber criminals started using global media interest as a cover to spread their malicious activity. The graph below shows the trend line of the overall search for coronavirus by Google Trends, compared to the trends we observed in social media discussions on cybersecurity and cyber-crime in relation to the virus.

And we are now seeing that hackers view this pandemic as a great opportunity to accelerate their business. Like “Cyber Monday” or “Black Friday”, our researchers have found several “coronavirus specials”!

Special offers by different hackers promoting their “goods” – usually malicious malware or exploit tools – are being sold over the dark net under special offers with “COVID19” or “coronavirus” as discount codes, targeting wannabe cyber-attackers. Here are some examples:

“CoronaVirus Discount! 10% off ALL products” – and no, this is not for fashion merchandise, nor this is for a new smart watch. Some of the “goods” available to purchase at special rates include “WinDefender bypass” and “Build to bypass email and chrome security.”

In the following example, we found a group of hackers that go by the name of SSHacker, that describe themselves as “dedicated to providing the best hacking services since 2005” and now offering the service of hacking into Facebook accounts at a discounted rate!

15% off with COVID-19 code

And it doesn’t stop there. Of course there are many fake online ‘sales’ offering premium goods at unbelievable prices. A seller that goes by the name of “True Mac” offers the “most-loved Mac” model – MacBook Air – in the fantastic price of US$390 as a “corona special offer”. As the old expression puts it, if it sounds too good to be true, it probably is.

As always, be very wary of any website that offers “once-in-a-lifetime” deals no matter how authentic looking it is. To avoid falling victim to online scams, our recommendations for safe online behaviour are:

Be cautious with emails and files received from unknown senders, especially if they are offering special deals or discounts.

Don’t open unknown attachments or click on links in the emails.

Ensure you are ordering goods from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.

Remember that as well as washing your hands regularly, it’s important to keep up your cyber-hygiene, too.