9 April 2020

Less than 2% of all daily malspam uses COVID-19 lures


Despite the abundance of news about cyber criminals exploiting COVID-19 fears with pandemic-related scams, phishing and malware campaigns, there is no surge in malicious attacks due to the coronavirus pandemic, Microsoft says. In fact, of the millions of emails Microsoft scans daily, only 60,000 include COVID-19-related malicious attachments or malicious URLs, which represents less than two percent of malicious email traffic. That means cyber criminals have merely altered existing attacks, switching to COVID-19-related lures.

“Attackers don’t suddenly have more resources they’re diverting towards tricking users; instead they’re pivoting their existing infrastructure, like ransomware, phishing, and other malware delivery tools, to include COVID-19 keywords that get us to click. Once we click, they can infiltrate our inboxes, steal our credentials, share more malicious links with coworkers across collaboration tools, and lie in wait to steal information that will give them the biggest payout,” the company said.

According to Redmond, every country in the world has seen at least one COVID-19 themed attack, with China, the United States, and Russia hit the hardest.

Since the start of the pandemic, the researchers observed Trickbot and Emotet malware families actively repurposing their lures to take advantage of the coronavirus outbreak.

“We have observed 76 threat variants to date globally using COVID-19 themed lures,” Microsoft said.

In their phishing campaigns, attackers are impersonating established entities like the World Health Organization (WHO), Centers for Disease Control and Prevention (CDC), and the Department of Health.

It is not only common cyber crooks who are trying to take advantage of the coronavirus scare; state-sponsored groups have also been seen switching from regular phishing baits to COVID-19 themed emails. For example, in March a spear phishing campaign was detected in which Pakistan-linked APT 36 attempted to infect victims with Crimson RAT, which is designed to steal credentials from computers.
