sb-nz logo
Story image

Trend Micro: COVID-19 related malware and spam on the rise

 Malware and spam related to the Covid-19 pandemic is on the rise globally, according to new research from Trend Micro. 

The cybersecurity solutions firm has released an update on Covid-19 related cyber threats and fraudulent activity, which uncovers global statistics and country threat rankings, garnered from its Trend Micro user base.

The results found that Australia ranked 10th highest in detected email spam connected to Covid-19 from January to March 2020. The United States was identified as the top location for spam and malware detections, and users accessing malicious URLs from January to March.

Globally, Trend Micro has detected an increase in Covid-19 related spam of 220-fold from February to March, and 907,000 total spam messages related to Covid-19 for the same period. The firm detected 737 incidents of malware.

Trend Micro says Covid-19 is being used in a variety of malicious campaigns including email spam, BEC, malware, ransomware, and malicious domains. As the number of those afflicted intensifies, campaigns that use the disease as a lure likewise increase.

“The shift to remote working has been a huge change for many businesses, as they have had to quickly adopt new technology and processes, which in turn has made many vulnerable to cyber-attacks,” explains Dr Jon Oliver, director and data scientist, Trend Micro. 

“Leveraging current or topical events in social engineering strategies is not a new tactic used by cybercriminals. However, with the unpredictability of the pandemic itself, we are seeing a steep rise in exploitations by cybercriminals using the virus as bait, playing into people’s worry, anxiety, and perhaps lowered security during this time," he says. 

"Now more than ever, businesses need to ensure that their employees are being vigilant when it comes to cybersecurity practices. This includes revisiting security training and protocols with staff and ensuring they are securely set up to work from home.”

Most common attacks to be aware of, according to Trend Micro:

 With spam being the top method to deliver attacks on enterprises (65.7% of attacks), Trend Micro identified that the top samples of this are in the form of:

o   Shipment notifications

o   Coronavirus Ministry of Health updates

·       Emotet, a banking malware variant, has been prominently used in coronavirus campaigns

·       The top emerging techniques for email scam proliferation are:

o   Targeting specific countries, including China and Italy

o   Business Email Compromise

o   Cruel ransomware

o   Sextortion related scams

·       Threat actors exploit the public’s need for information about COVID-19 to distribute malware in the form of:

o   Information stealing software disguised through Coronavirus interactive maps

o   Malicious mobile applications disguised as helping to track cases of COVID-19

o   Fake COVID-19 safety portal from the World Health Organisation (WHO)

o   Fake centres for disease and prevention waitlist that looks to gather personal information

·       The effects of COVID-19 have also reached the cybercriminal underground, as popular items are being sold including:

o   COVID-themed phishing, malware, and exploits

o   Toilet paper, N95 masks, ventilators, and other essential supplies

Story image
Machine identities increasingly exploited, new research finds
Venafi, the provider of machine identity management, finds that malware attacks using machine identities doubled from 2018 to 2019, including high-profile campaigns such as: TrickBot, Skidmap, Kerberods and CryptoSink.More
Story image
Businesses underutilising cloud security due to lack of education and training
Demand is high for cloud security access brokers (CASB), but more training and clear goals are needed to ensure companies get full effectiveness of products.More
Story image
Beware of these six L7 DDoS attacks
As more services are migrating online, DDoS attacks are increasingly shifting away from the network layer, and into the application layer, writes Radware product marketing manager Eyal Arazi.More
Story image
Cyber criminals turn to Gmail and AOL to advance attacks
“Securing oneself against this threat requires organisations to take protection matters into their own hands - this requires them to invest in sophisticated email security that leverages artificial intelligence to identify unusual senders and requests."More
Story image
Data breaches costing companies millions - could incident response help?
On average, data breaches cost companies $3.86 million per breach, with compromised employee accounts the most expensive root cause.More
Story image
DDoS attacks bigger & more prevalent in Q2 2020 - Cloudflare report
Cloudflare recorded the ‘biggest ever’ attacks – 88% of all large (100 Gbps) attacks this year were launched after the lockdown period in March.More