More than 16 million COVID-themed cyberattacks launched in 2020

A Trend Micro report found that its system dealt with 16.4 million threats that used COVID-19 as a hook.

office.jpg

Image: iStock/halfpoint

COVID-19 dominated everyone's lives throughout 2020 but a new report from cybersecurity company Trend Micro found that the pandemic was also the main theme of nearly 16.5 million threats and attacks launched against its customers.

In Trend Micro's "2020 Annual Cybersecurity Report," researchers wrote that they dealt with 16,393,564 threats that had a COVID-19-related tint to them, with 88% of the threats coming in spam emails and another 11% coming in the form of URLs. Malware accounted for 0.2%, or nearly 33,000, of the threats. 

"The vast majority of our detections of Covid-19-themed threats came in the form of malicious spam emails, including those that phished for personal and financial information, and most of them came from the US, Germany, and France, which were also among the countries that had been hit hardest by the pandemic," the report said. 

SEE: Identity theft protection policy (TechRepublic Premium)

"The scammers behind these threats gave them a sense of currency and urgency by customizing them with references to relevant concerns such as Covid-19 stimulus packages and vaccine rollouts. Business email compromise (BEC) scammers also banked on the pandemic: The subject lines of the bulk of the BEC samples we detected mentioned Covid-19." 

The report found that most of the COVID-19-themed attacks came from the countries hit hardest by the pandemic, with nearly 40% of the threats coming from the United States. 

The European countries of Germany, France and the United Kingdom accounted for another 28% of the attacks while 30% came from other countries. 

"Malicious actors have learned that Social Engineering and Phishing attacks are more effective when they have a timely and relevant hook to bring in their victims. The more a target identifies with the subject line, the more likely they are to open the email and fall for the attack," said Saryu Nayyar, CEO of cybersecurity firm Gurucul. 

"The pandemic has proven a boon for these attackers, as people are justifiably concerned for their health and safety. The fact is, cybercriminals and other malicious actors have learned the old political lesson well: never let a good crisis go to waste."

Atlas VPN noted that many of the spam emails carried subject lines with the words "COVID-19 issue" or "Important message on COVID-19" and others made references to vaccines or rapid tests, all in an effort to get people to open them and click on links inside. 

"The pandemic has created the perfect storm for cybercriminals. First of all, many companies were forced to shift to remote work, and less prepared ones became a quick gain for online attackers. Secondly, the general panic and fear of the pandemic made people more susceptible to such threats," said Rachel Welch, COO of Atlas VPN.

Other cybersecurity experts noted that attackers want to use anything that will get people to open an email, and due to the rampant discussion of COVID-19, it is an easy tool for cybercriminals and others.  

Bill Santos, president and COO of security firm Cerberus Sentinel, noted that the ambiguity of the COVID-19 pandemic created a perfect situation for millions of attacks to be launched.  

"People were scared, looking for information, and highly biased to engage any resource offering hope.  Many bad actors preyed on this need, causing many individuals to engage in a way that they might not normally do (clicking a link, downloading a file, etc), and creating this tremendous surge in cyber events," Santos said. 

Eric Howes, principal lab researcher at KnowBe4, called the pandemic "the gift that kept on giving" for cyberattackers considering how useful it was for social engineering attacks.

People were, and still are, spending inordinate amounts of time on their devices because of the pandemic, and the scramble for information about the virus created a perfect storm for attackers to lure in unsuspecting victims. 

"Indeed, the pandemic was perfectly suited to be exploited by bad actors through email, given that users were inundated with all manner of email messaging about the virus -- from employers, friends, family, the media, governmental agencies, private businesses, health care institutions and even their own Congressional representatives," Howes said. 

"For malicious actors, it has proven all too easy to slip their own malicious messaging into the raging river of virus-themed emails, often imitating, spoofing and playing off of events, announcements, trends and new developments in the struggle to contain, manage and somehow live under the shadow of the virus. Bad actors spoofed employers (esp. HR departments), governmental agencies at all levels, news media and healthcare institutions to push malicious attacks that delivered credential spoofs and malware."

The pandemic forced millions to rely deeply on mobile apps across all sectors, according to Approov CEO David Stewart. He explained that the traffic growth his company has seen in its customer base has been matched by the increase in attack attempts through the APIs that service mobile apps; data scraping, credential stuffing and fake account onboarding being just some examples.

Other security experts attributed the avalanche of COVID-19-related attacks to the shift to remote working that thousands of businesses went through at the onset of the pandemic. 

"We are not finished with COVID-based phishing attacks, even if some public figures are now pointing to some "light at the end of the tunnel" as vaccinations ramp up around the world," Howes said. 

"Just as COVID-19 is now predicted to be with us for a long time, perhaps even becoming a seasonal event like the flu, we can expect COVID-themed phishing emails to continue in a similar fashion, if at a lower volume. As long as the virus is with us, it will provide fodder for malicious actors to use."

Also see