Positive Technologies finds 13% of phishing attacks in Q1 were related to COVID-19

Positive Technologies experts have analyzed cyberattacks in Q1 2020 and found that the number of attacks increased by nearly a quarter compared to Q4 2019. Of these, about 13 percent of all phishing attacks were related to COVID-19. The experts also found more ransomware operators demanding ransom in exchange for not disclosing stolen data.

The research report, Cybersecurity Threatscape Q1 2020 shows 22.5 percent more attacks in the first quarter of this year than Q4 2019. In Q1 2020, there were 23 very active APT groups whose attacks targeted mostly government agencies, industrial, finance, and medical institutions.

Analysis showed that more than a third (34%) of all malware attacks on organizations were attacks that used ransomware. Positive Technologies experts noted that ransomware operators have created their own websites where they publish stolen data if the victims refuse to pay the ransom. They also found that one out of every ten ransomware attacks targeted industrial organizations. At the beginning of the year, many cybersecurity experts found high levels of activity relating to a new ransomware called Snake, capable of stopping processes related to ICS operation and deleting shadow copies -- backup copies or snapshots of files in use.

The experts also noted that malware infection risk is also growing and criminals are increasingly using more than one single type of malware - they use multifunctional trojans or inject compromised devices with a whole assortment of malware. To prevent employee computers from being infected with malware such as this, Positive Technologies recommends checking email attachments for malicious activity with sandboxes¹.

Attacks Related to COVID-19

The percentage of malware attacks (81 percent vs. 66 percent) and social engineering attacks (79 percent vs. 66 percent) against government agencies increased significantly compared to Q4 2019. According to Positive Technologies experts, this may be due to the pandemic - many attackers sent emails to government agencies of various countries with a malicious attachments related to the coronavirus crisis.

“Hackers were quick to use common concerns about coronavirus as lures in phishing emails,” said Yana Avezova, Positive Technologies analyst. “An estimated 13 percent of all phishing emails in Q1 2020 were related to COVID-19. Of those, about a half (44 percent) targeted individuals. One out of every five emails was sent to government agencies.”

“The experts saw an increase in COVID-19 phishing emails from the second half of January," says Alexey Novikov, Director of PT Expert Security Center. “The pandemic situation was used both for mass malware campaigns and APT attacks.”

In Q1, Emotet, Remcos, AZORult, Agent Tesla, LokiBot, TrickBot, and many other trojans were distributed under the guise of official information about infection statistics, a vaccine, and prevention measures, allegedly coming from government authorities and medical institutions. Groups like TA505, Hades, Mustang Panda, APT36, SongXY, and South Korean Higaisa also sent emails laced with malicious attachments related to the pandemic.

For more information, please download the full report here: Cybersecurity Threatscape Q1 2020

1. A sandbox is a solution which allows launching a file in an isolated virtual environment and analyzing it for malicious activity. The best tool for both mass and targeted attacks are sandboxes with environment customization.