The novel coronavirus has dominated 2020, and in the cyber community, threat actors have capitalized on its impact from the beginning. In early March we saw the first of what would be an onslaught of criminal activity using the pandemic to manipulate users, and over the course of the year these attacks have been modified to reflect local and global fallout.
The coronavirus has not only been used heavily as a theme across threat types, but also driven the fundamental shift to remote work. In this piece, we take a look at how COVID-19 has shaped cyber security.
Malicious email campaigns using COVID-19 as a tactic began appearing at the beginning of the year, shortly after WHO declared a global health emergency. COVID-19’s rapid spread quickly normalized updates from healthcare experts and government leaders, and as a result the CDC and WHO became some of the first and most frequent organizations impersonated.
Lure Impersonating the CDC
Initial lures took the form of fake information regarding the virus, access to a cure, and biotech authorities communicating critical data. The threat types varied, but each ultimately encouraged victims to click on a link, open a document, or communicate with the sender.
- Business Email Compromise (BEC)
- 419 Scams
- Phishing Lures
- Job Scams
Over the course of March, the cyber community saw a 667 percent surge in covid-themed phishing emails. The rapid increase in virus-led fears such as job loss, an unstable economy, and lack of basic needs like health insurance coverage gave threat actors a treasure chest of content to use against unsuspecting and concerned victims.
Fake Insurance Policy Lure
By April, threat actors were attacking victims via mobile devices and social media platforms. Social media is increasingly a preferred channel for criminals because of its ability to instantly distribute information and leak data on a global scale. Criminals used these platforms to engage in a variety of attacks, including money-flipping scams that promised free cash to those economically affected by COVID-19.
Money-Flipping Scam on Twitter
There was a 273 percent increase in data breaches during Q1 of this year, when vulnerabilities brought on by accelerated digital transformation gave threat actors access to systems that might otherwise have been protected. The pandemic forced many businesses to rapidly change how they used technology, and as a result, initiatives that normally would have spanned years were implemented in a matter of weeks and months, leaving weaknesses exposed. Credential theft was a huge contributor to compromise, with 80% of hacks occurring as a result of stolen data through phishing lures and sites.
Credential Theft Site
Ransomware also made headlines in the wake of COVID-19. Maze ransomware operators stood out early on, promising to cease attacks on healthcare. This proved to be a lie when in May they listed stolen medical data for sale on the dark web.
The sale of compromised data is a change we have seen by operators in 2020, with ransomware and data leaks overlapping into the hybrid tactic known as double extortion. In Q3, ransomware attacks increased 50 percent from the first half of the year, indicating the tactic is aiding in its popularity. Healthcare, COVID-19's most vulnerable industry, is the most targeted by ransomware operators globally.
As we wrap up the year, the cyber security community is still grappling with the many faces of COVID-19 threats. Work environments and societal priorities have changed as a result of the virus, and attackers are taking advantage of the new encyclopedia of ways they can manipulate the vulnerable. As criminals continue to repurpose attacks exploiting the ongoing crisis, security teams must continue to pivot as well. PhishLabs’ Digital Risk Protection and Email Intelligence & Response help organizations detect and mitigate threats that abuse the novel coronavirus.