The big numbers that reveal the scope and scale of online scamming

Cloud-based threat intelligence is the only way to keep ahead of the bad guys, says Check Point's Eddie Doyle

Scammers and hackers know that both events and numbers are currently on their side. People become vulnerable when their routines are disrupted. Worried about Covid-19 and struggling to adjust to changed circumstances, they are more likely to fall for a carefully crafted scam - or even a clumsy one. Scammers and hackers have millions of email addresses and phone numbers at their disposal and time on their hands. The marginal cost of each message is close to zero, and they may only need to hit the target a couple of times for their efforts to pay for themselves.

The numbers tell their own story, said Eddie Doyle, cyber security evangelist at Check Point, during a Q&A session at Computing's Deskflix: Public Sector event this week. 68,000 Covid-related websites sprang up in the first ten weeks of lockdown, he said, of which two per cent are "absolutely malicious" and a further 21 per cent are "suspicious".

"We're digging through them as fast as we can but there are tens of thousands and they keep going up all the time," Doyle said.

The lockdown and the subsequent government bailouts have provided a rich fishing ground for hackers. Google has said that in one week in there were 18 million daily malware and phishing emails related to Covid-19 business support scams, and those were in addition to the 214 million daily spam messages on the virus.

And Covid scams are just the tip of the iceberg.

To give an idea of the scope and scale of the threat landscape, Check Point ThreatCloud typically inspects 10 trillion access logs and finds 86 billion indicators of compromise (IoCs) per day. As a comparison, 6 billion searches are performed on Google in the same time frame.

"It's a busy world right now," said Doyle.

The main danger for organisations is that homeworkers connected to the company network may spread malware there, or that sensitive data or credentials may be stolen from their devices. Despite this risk, the uptake of endpoint security software and compliance checking remains relatively low, according to Doyle.

Public sector organisations are particularly vulnerable to attacks on homeworkers' devices, he went on.

"The advantage the private sector has is they typically know roughly who they're doing business with and if there's a new person it raises a flag automatically. But in the public sector they're there to serve the citizenry. How can they tell which of the citizens are threat actors and which are decent ordinary human beings?"

Because of the scale and scope of the threat and the difficulty in authenticating individuals, organisations need real-time intelligence if they are to stay ahead of the threat actors. This intelligence can be drawn from monitoring IoT devices, endpoints and cloud services, and stored in a central place where it can be accessed automatically by defensive systems, which is where cloud comes into its own.

"This is the mind shift that needs to happen in both public and private sectors. We're not just securing the cloud; let's use the cloud to secure our environments," said Doyle.