With the Coronavirus pandemic still going strong, cybercriminals have continued leveraging this crisis by pushing threats designed to compromise victims’ data and security. If during mid-March we’d already seen a five-fold increase in Coronavirus-related threats, recent telemetry shows that cybercriminals have not backed down on their campaigns. If anything, the number of threats exploiting the pandemic has increased during April, as more countries became affected by SARS-CoV-2.
Telemetry on Coronavirus-related threats between March and April reveals that Covid-19-themed threat reports are becoming the new norm, at least until the pandemic blows over. Daily threat reports reveal that attackers seem to scale up their campaigns during the week and throttle them down over the weekends.
The global daily evolution of COVID-themed threats shows consistent effort from cybercriminals and a continued interest in exploiting fear and misinformation about the global pandemic to get victims to click on malicious links, open malicious attachments, or even download and install malware.
Countries that have reported the largest number of Coronavirus-themed reports seem to have also been those hit hardest by the pandemic. For example, the top countries that reported the largest number of themed malware reports include the United States, Italy, and the United Kingdom.
While the United Kingdom ranked fifth in April, it’s likely that threat actors focused their campaigns on countries in which the Coronavirus pandemic had started trending, hence preying on fear and misinformation to maximize their success in compromising victims.
The verticals hit hardest by these threats during the full month of March seem to be Retail, Transportation, Manufacturing, Technology, and Hospitality-Leisure. While the number of attacks against Healthcare has definitely increased during the pandemic compared to traditional levels, it cannot compete in terms of sheer numbers and volume with companies operating in Retail, Transportation, Manufacturing, or Education, verticals that are also confronted with an increase in malware related to Coronavirus.
One reason why these verticals have been hit hard is the sheer number of players in these areas compared to the healthcare industry.
And since this telemetry is strictly based on Coronavirus-themed reports, it doesn’t exclude the possibility that Healthcare and other verticals may have seen an increase in other types of malware, such as ransomware.
Government and Financial Services have moved up the list of targeted industries, potentially as cybercriminals realized that these institutions are also more likely to fall prey to deceptive messages as they were also interested in learning how to cope with the ongoing crisis, especially with workforce restrictions in place.
As April took a turn for the worse for the United States in the sense that the pandemic reached a record-high number of infections, with an alarming number of people from both the East and West Coast reporting infections, we’ve noticed an interesting correlation between the total number of new tests for each state and our coronavirus-themed malware telemetry.
Receiving an email claiming to have new and interesting information about the pandemic with more exclusive information embedded within the attachment is the perfect lure. That email attachment is likely tainted, with threat actors preying on everyone’s fear in order to convince them to open it. Most of these emails usually claim to be from WHO, NATO, UNICEF, or other legitimate global organizations, according to our findings, hence making people more curious and therefore more vulnerable to these attacks.
Another interesting fact is that if we are to compare the evolution of Coronavirus-themed threats between Europe and the United States on a weekly basis, US threat reports seem to evolve with a one-week delay.
The SARS-CoV-2 (COVID-19) global pandemic is not going away any time soon and it’s likely that cybercriminals will continue exploiting and leveraging the crisis to their own advantage. Coronavirus-themed threats will likely continue in the form of spearphishing emails, fraudulent URLs and even malicious applications, all exploiting fear and misinformation in order to trick victims into unwillingly giving away personal, sensitive or financial information.
It’s likely these campaigns will plateau in time, but as long as the threat of infection with SARS-CoV-2 is real, cybercriminals will keep exploiting the topic, enticing victims with vaccines and miracle cures.
If staying safe from the SARS-CoV-2 infection implies social distancing and adhering to best practices in terms of personal hygiene, the same rules apply in the cyberworld. Don’t believe anything you read online and try to check the legitimacy of any information by consulting legitimate sources, always have a security solution installed on all your devices, and be sure to avoid opening attachments or clicking on links especially if they’re unsolicited or from unknown parties.
Note: This article is based on technical information provided by Bitdefender Labs teams.