13 percent of Q1 phishing attacks related to COVID-19

In the first quarter of 2020 phishing attacks increased by 22.5 percent compared to the end of 2019, and 13 percent of all phishing was related to COVID-19.

A new report from Positive Technologies also shows that in Q1 there were 23 very active APT groups whose attacks targeted mostly government agencies, industrial, finance, and medical institutions.

"Hackers were quick to use common concerns about coronavirus as lures in phishing emails," says Yana Avezova, Positive Technologies analyst. "An estimated 13 percent of all phishing emails in Q1 2020 were related to COVID-19. Of those, about a half (44 percent) targeted individuals. One out of every five emails was sent to government agencies."

In Q1, Emotet, Remcos, AZORult, Agent Tesla, LokiBot, TrickBot, and many other Trojans were distributed under the guise of official information about infection statistics, a vaccine, and prevention measures, allegedly coming from government authorities and medical institutions. Groups like TA505, Hades, Mustang Panda, APT36, SongXY, and South Korean Higaisa also sent emails laced with malicious attachments related to the pandemic.

Among other findings of the report is that more than a third (34 percent) of all malware attacks on organizations used ransomware. Positive Technologies experts note that ransomware operators have created their own websites where they publish stolen data if the victims refuse to pay the ransom.

They have also found that one out of every 10 ransomware attacks targeted industrial organizations. At the beginning of the year, many cybersecurity experts found high levels of activity relating to a new ransomware called Snake, capable of stopping processes related to ICS operation and deleting shadow copies -- backup copies or snapshots of files in use

You can find more in the full report on the Positive Technologies site.

Image credit: lightsource / depositphotos