Microsoft Sees 60,000 COVID-19 Phishing Emails Every Day
The number of COVID-19-themed attacks has increased significantly over the past couple of months, but they represent only a fraction of daily threats, security firms say.
Just as the joint alert issued on Wednesday by the U.S. Department of Homeland Security (DHS) and the United Kingdom’s National Cyber Security Centre (NCSC) noted, the overall levels of cybercrime did not increase, despite the massive spike in COVID-19-related themes.
According to Microsoft, every country in the world has seen at least one COVID-19-themed attack, with countries most affected by the outbreak seeing the highest volume of incidents. To date, China, the United States, and Russia have been hit the hardest, the company says.
At the moment, the tech giant is seeing roughly 60,000 phishing emails that carry COVID-19 related malicious attachments or malicious URLs each day. However, given the millions of malicious emails observed on a daily basis to target hundreds of thousands of users, that number amounts to less than two percent of the total volume of threats.
FireEye too has observed a similar shift in the threat landscape, but notes that only two percent of the malicious emails it detected in March had a COVID-19 theme.
This, Microsoft notes, “reinforces that the overall volume of threats is not increasing but attackers are shifting their techniques to capitalize on fear. Attackers are impersonating established entities like the World Health Organization (WHO), Centers for Disease Control and Prevention (CDC), and the Department of Health to get into inboxes.”
Microsoft also explains that the COVID-19-themed threats are, in fact, retreads of existing attacks, altered to fit the current trend. Basically, the attackers only changed the lures, but did not increase the number of attacks. Trickbot and Emotet operators are highly active, rebranding their lures to take advantage of the coronavirus outbreak.
According to FireEye, despite the shift in lures, the threat actors remain the same, and continue to use the same tools they used before the crisis. They only started leveraging the global situation for social engineering.
“Ultimately, COVID-19 is being adopted broadly in social engineering approaches because it is has widespread, generic appeal, and there is a genuine thirst for information on the subject that encourages users to take actions when they might otherwise have been circumspect,” FireEye notes.
With over 18,000 malicious COVID-19-related URLs and IP addresses processed daily, Microsoft says it’s clear that attackers are more aggressive, but are using the same delivery methods, only swapping out the malicious URLs more frequently to evade detection.
As for the actors that take advantage of coronavirus-themed lures, they range from profit-driven cybercriminals to nation-state groups engaging in cyber-espionage. Moreover, FireEye says some adversaries have shared tools on underground communities to make COVID-19-related lures more efficient.
Moving forth, the number of attacks exploiting the coronavirus crisis is expected to grow even more. In a recent alert, the FBI warned that BEC scams leveraging the global pandemic are likely to become more frequent.