Positive Technologies: cybercriminals pivoting from social engineering to hacking with interest in COVID-19 vaccine increasing

Positive Technologies’ experts have released a report which gives an overview of the cyber threat landscape during Q3 2020. Ransomware attacks have grown, with hacking now accounting for 30 percent of all attacks, and the healthcare industry is increasingly targeted by criminals. In particular, attackers have begun exploiting worldwide interest in a COVID-19 vaccine.

The report indicates a slowdown in the explosive growth in attacks seen during the first two quarters of the year as the COVID-19 pandemic picked up steam. Additionally, the number of targeted attacks remain stubbornly high, growing from 63 percent in Q2 to 70 percent in Q3.

Healthcare organisations were hard-hit in the third quarter. Half of all attacks against them involved ransomware, resulting in serious consequences such as attackers cashing in on patient data and crippling hospital functions and systems. Attackers did not spare clinics where COVID-19 patients were being treated or pharmaceutical sites where vaccine research was being conducted.

The third quarter also brought a record rise in the number of ransomware attacks, which accounted for over half of all malware attacks - 51 percent of the total in Q3 compared to 39 percent in Q2. Additionally, social engineering has become relatively less common since the start of the year, falling from 67 percent of attacks against organisations in Q1 to just 45 percent in Q3.

Due to the pandemic triggering a mass shift to remote working, many companies have made services available on the network perimeter for the first time. Thus, attackers have had ample opportunities to strike at companies that have not taken the proper security precautions. Exploitation of vulnerabilities (as a method for attacking organisations) grew by 30 percent, which is 12 percentage points more than in the previous quarter as attackers are actively targeting flaws in remote access systems.

The number of attacks on manufacturing and industrial companies has also remained high since the start of the year, with APT groups and ransomware operators the primary culprits. Nearly 70 percent of attackers in this instance continued to use email as their primary initial vector. The share of attacks using ransomware accounted for 45 percent of the total number of attacks, and 20 percent of attacks in Q3 included spyware or malware for remote administration.

Analyst Yana Yurakova at Positive Technologies said: "According to our data, COVID-19 is being exploited in attacks on individuals as well as organisations. In regard to individuals, we see that the number of phishing emails related to COVID-19 is dropping quickly. Pandemic-themed messages fell from 16 percent of social engineering attacks in Q2 to just 4 percent in Q3. In the previous quarter, phishing emails would advertise personal protective equipment or offer information about the virus, whereas now they are exploiting interest in a vaccine. One mailing addressed to people in the United Kingdom claimed that local vaccine efforts were going slowly and offered a supposed vaccine for sale on the site of a Canadian pharmacy chain. Individuals need to stay extra vigilant of the threats which are circulating linked to the pandemic.