Since the beginning of the COVID-19 pandemic, threat actors started to actively deploy opportunistic campaigns using Coronavirus lures.
Anyway, Microsoft says that malware attacks that abused the COVID-19 theme only had a temporary effect on the total volume of threats detected by the IT giant.
COVID-19 themed attacks peak in the first two weeks of March, when several nations were taking action to limit the outbreak. By the end of March, every country in the world was hit at least by one Coronavirus campaign.
Threat actors launched malspam campaigns using malicious attachments or using massages containing links that redirect users to phishing pages or malware downloads.
“The week following that declaration saw these attacks increase eleven-fold. While this was below two percent of overall attacks Microsoft saw each month, it was clear that cybercriminals wanted to exploit the situation: people around the world were becoming aware of the outbreak and were actively seeking information and solutions to combat it.” reads a post published by Microsoft. “Worldwide, we observed COVID-19 themed attacks peak in the first two weeks of March.”
While the overall trend of malware detections worldwide did not vary significantly during this time, experts observed a spike of COVID-19 themed attacks that confirms that threat actors only changed tactics to take advantage of the pandemic.
Most of the campaign observed by Microsoft were highly localized, during the outbreak threat actors closely mimicked the local developments of the crisis and the response to the crisis.
Most of the COVID-19 malware campaigns targeted users in a specific country and used weaponized documents using local news and local developments as lures.
“Malware campaigns, attack infrastructure, and phishing attacks all showed signs of this opportunistic behavior.” continues the report.
“They preyed on our concern, confusion, and desire for resolution,”
Microsoft confirmed that major malware operators didn’t put particular effort into launching COVID-19 theme attacks.
Threat actors infect continued to use the same attack infrastructure and the same malware while using Coronavirus lures updating old email templates.
Currently, Microsoft COVID-19-themed malware attacks have dropped, but they are still higher than the number of attacks detected at the beginning of the pandemic in early February.
Microsoft researchers have no doubt, threat actors will continue to use Coronavirus lures as long as COVID-19 pandemic persists.
“Overall, COVID-19 themed attacks are just a small percentage of the overall threats the Microsoft has observed over the last four months. There was a global spike of themed attacks cumulating in the first two weeks of March.” concludes the report. “Based on the overall trend of attacks it appears that the themed attacks were at the cost of other attacks in the threat environment.”
(SecurityAffairs – hacking, COVID-19)