It’s no secret or surprise that cybercrooks have taken advantage of the global coronavirus pandemic, but new research from Microsoft has given a greater glimpse into their behaviour.
Microsoft said that cybercriminals exploitation of the coronavirus crisis peaked in early March, but steeply dropped off after that, reaching a steady baseline in early April.
- Best antivirus: stay safer online with watertight virus protection
- VPN: add a layer of extra security thanks to a virtual private network
- Just in: Beware of Google Alerts data-breach notifications
According to insight from Microsoft's Threat Protection Intelligence Team, cyber criminals began launching opportunistic campaigns once the World Health Organization revealed the Covid-19 pandemic on February 11.
"The week following that declaration saw these attacks increase eleven-fold," the report said.
"While this was below two percent of overall attacks Microsoft saw each month, it was clear that cybercriminals wanted to exploit the situation," the report added. "People around the world were becoming aware of the outbreak and were actively seeking information and solutions to combat it.”
Adapting to chaos
When many countries around the globe began introducing lockdown measures to curb the disease’s spread at the beginning of March, Microsoft said the number of Covid-19 attacks peaked at that point.
Although online crooks have been leveraging the global pandemic to launch effective attacks, the firm said the overall trend of malware detections worldwide, coronavirus-related or not, did not vary significantly during this time and was a blip in the total volume of threats we typically see in a month.
Interestingly, hackers didn’t reinvent the wheel when it came to deploying attacks during this period.
The report says: “Looking through Microsoft’s broad threat intelligence on endpoints, email and data, identities, and apps, we concluded that this surge of Covid-19 themed attacks was really a repurposing from known attackers using existing infrastructure and malware with new lures.”
Calling the attacks "opportunistic," Microsoft said they targeted key industries -- as well as people working to tackle the pandemic -- and preyed on people’s concern, confusion and desire for resolution.
"Cybercriminals are adaptable and always looking for the best and easiest ways to gain new victims. Commodity malware attacks, in particular, are looking for the biggest risk-versus-reward payouts," explained Microsoft.
“The industry sometimes focuses heavily on advanced attacks that exploit zero-day vulnerabilities, but every day the bigger risk for more people is being tricked into running unknown programs or Trojanized documents.”
Leveraging regional news
In the report, researchers focused on the US, UK and South Korea. All three countries saw Covid-19 attacks peak concurrently, but the perpetrators tailored their attacks to headlines in different parts of the world.
For example, in the UK, attacks surged after the first coronavirus fatality was announced, and again when Prime Minister Boris Johnson ended up in intensive care with the virus.
Microsoft added: “Organizations should further improve security posture by educating end users about spotting phishing and social engineering attacks and practising credential hygiene.”
- Read more: Get the best business VPNs for your firm and employees
