Cybercriminals seek to capitalize on COVID-19
Starting in March and continuing through most of the spring, there has been a significant increase in malicious emails utilizing various COVID-19 issues as a lure to manipulate users into exposing themselves to various email attacks and scams.
The latest Attack Landscape report from F-Secure shows COVID-related emails range from attempting to trick users into ordering face masks from phony websites to infecting themselves with malware by opening malicious attachments.
Three-quarters of attachments in these emails contained infostealers, attempting to obtain sensitive information. Lokibot being the most common malware family employed.
"Cyber criminals don't have many operational constraints, so they can quickly respond to breaking events and incorporate them into their campaigns. The earliest days of the COVID-19 outbreak left a lot of people confused or worried, and attackers predictably tried to prey on their anxieties," says Calvin Gan, a manager with F-Secure's Tactical Defense Unit. "Spotting malicious emails isn't typically a priority for busy employees, which is why attackers frequently attempt to trick them into compromising organizations."
Among other findings of the report, finance was the most frequently spoofed industry in phishing emails, and Facebook the most frequently spoofed company. Email remains the most popular way of spreading malware, and accounted for over half of all infection attempts. Telnet and SSH were the most frequently scanned IP ports.
Attacks using cloud-based email services are steadily increasing too and the report highlights a significant spike in phishing emails that targeted Microsoft Office 365 users in April.
"Notifications from cloud services are normal and employees are accustomed to trusting them. Attackers taking advantage of that trust to compromise targets is perhaps the biggest challenge companies need to address when migrating to the cloud," explains F-Secure's director of B2B Product Management, Teemu Myllykangas. "Securing inboxes in general is already a challenge, so companies should consider a multilayer security approach that combines protection technologies and employee education to reduce their exposure to email threats."
You can get the full report from the F-Secure blog.