Despite the abundance of news about cyber criminals exploiting COVID-19 fears with pandemic-related scams, phishing and malware campaigns, there is no surge in malicious attacks due to the coronavirus pandemic, Microsoft says. In fact, of the millions of emails Microsoft scans daily, only 60,000 include COVID-19-related malicious attachments or malicious URLs, which represents less than two percent of malicious email traffic. That means cyber criminals have merely altered existing attacks, switching to COVID-19-related lures.
“Attackers don’t suddenly have more resources they’re diverting towards tricking users; instead they’re pivoting their existing infrastructure, like ransomware, phishing, and other malware delivery tools, to include COVID-19 keywords that get us to click. Once we click, they can infiltrate our inboxes, steal our credentials, share more malicious links with coworkers across collaboration tools, and lie in wait to steal information that will give them the biggest payout,” the company said.
According to Redmond, every country in the world has seen at least one COVID-19 themed attack, with China, the United States, and Russia hit the hardest.
Since the start of the pandemic, the researchers observed Trickbot and Emotet malware families actively repurposing their lures to take advantage of the coronavirus outbreak.
“We have observed 76 threat variants to date globally using COVID-19 themed lures,” Microsoft said.
In their phishing campaigns, attackers are impersonating established entities like the World Health Organization (WHO), Centers for Disease Control and Prevention (CDC), and the Department of Health.
Common cyber crooks are not the only ones trying to take advantage of the coronavirus scare: state-sponsored groups have also been seen switching from regular phishing baits to COVID-19 themed emails. For example, in March a spear phishing campaign was detected in which Pakistan-linked APT 36 attempted to infect victims with Crimson RAT, which is designed to steal credentials from computers.