Coronavirus update: In the cyber world, the graph has yet to flatten

The struggle against the coronavirus pandemic continues to make an impact globally. According to Dr. Anthony Fauci, – longtime director for the National Institute of Allergy and Infectious Diseases and the emerging face of American leadership in the fight against the virus – it is estimated that the U.S. may see between 100,000 and 200,000 deaths from the coronavirus.

And in cybersecurity, the numbers too continue to increase. As we have previously reported, while retailers and other non-essential businesses are closing their doors, hackers are opening up for business, with the number of coronavirus-related cyber-attacks on the rise.

Based on ThreatCloud, Check Point’s industry-leading threat intelligence engine, our researchers found that though cyber-attacks in general have decreased somewhat since the outbreak and economic downturn, coronavirus-related attacks have increased significantly.

From January to March, we witnessed a drop of 17% monthly in the overall number of cyber threat activities in organizational networks worldwide.

However, since mid-February, we have seen an escalation in the number of coronavirus-related cyber-attacks, and in the past 2 weeks alone, the numbers have increased dramatically from a few hundred daily to as high as over 5,000 on March 28. On average, there have been over 2,600 attacks daily.

We define coronavirus-related attacks as those that involve

  • websites with “corona”/”covid” in its domain
  • files with “Corona” related file names
  • files that have been distributed with coronavirus-related subjects in their email


The graph represents all coronavirus-related attacks that have been detected by Check Point’s different Threat Prevention technologies across networks, endpoints and mobile devices.

Eighty-four percent of the events were triggered by phishing websites. Approximately 2% of the events involved the victim accessing the malicious website using his/her mobile device.

In the past two weeks, since our last update, more than 30,103 new coronavirus-related domains were registered, of which 0.4% (131) were malicious and 9% (2,777) were suspicious and under investigation. This means over 51,000 of coronavirus-related domains in total have been registered since January 2020.

Netflix-related websites

While it is not surprising that the pandemic has resulted in Netflix’s subscriber growth, the brand has been used as part of various web-based fraud schemes. In recent weeks in particular, we have observed a substantial 2x growth in the number of phishing attacks by websites posing as Netflix sites. Most of these sites were registered in recent months, including domains that use the virus’s official name given by the World Health Organization (

Some of these websites offer payment options, in attempt to fraudulently get user details and their payment means.

Here’s an example:

Staying protected

So how can you avoid falling victim to these scam attempts? Our recommendations for safe online behavior are:

  1. Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.
  2. Be cautious with files received via email from unknown senders, especially if they prompt for a certain action you would not usually do.
  3. Ensure you are ordering goods from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.
  4. Beware of “special” offers. “An exclusive cure for coronavirus for $150” is usually not a reliable or trustworthy purchase opportunity. At this point of time there is no cure for the coronavirus and even if there was, it definitely would not be offered to you via an email.
  5. Make sure you do not reuse passwords between different applications and accounts.
  6. Organizations should prevent zero-day attacks with an end to end cyber architecture, to block deceptive phishing sites and provide alerts on password reuse in real time.