In the first three months of 2020, as the world clamped down to limit coronavirus, cyber threats ramped up.
Our latest, special edition for our quarterly CTNT report focuses on recent, increased malware threats which all have one, big thing in common—using coronavirus as a lure. Our report, “Cybercrime tactics and techniques: Attack on home base,” analyzes the trojans, info stealers, and botnets that threat actors delivered to increasingly more homes from January to March of this year.
Our report looks at more than attack volume, though. It also captures the actual models that threat actors used to try and trick unsuspecting victims. From an email purporting to come fom UNICEF, to another claiming to contain information about proper face mask usage, to a much-discussed, fraudulent map posing as a legitimate, global coronavirus case tracker from John Hopkins University—it’s all here in our latest report.
Malwarebytes researchers have been following these attack methods for months.
We found a scam email that preyed on individuals’ desire to offer support during the pandemic. We investigated activity from a reported Pakistani state-sponsored threat actor spreading a remote access Trojan through a coronavirus-themed spearphishing campaign. We discovered countless impersonating emails and snake-oil pitches hiding a variety of keyloggers, ransomware, and data stealers.
In today’s report, we now have the data to show what malware threats, specifically, increased in the first three months of 2020.
Key takeaways: Attack on home base
- Cybercriminals quickly transitioned to delivering years-old malware with brand new campaigns that preyed on the confusion, fear, and uncertainty surrounding the global coronavirus pandemic.
- Malwarebytes discovered that the backdoor malware NetWiredRC, which laid low for roughly five months in 2019, dramatically increased its activity at the start of 2020, with a detection increase of at least 200 percent by March compared to last December.
- The time period between January and February was, for several of the malware types analyzed, a precursor to even greater, increased detection activity between February and March.
- Malwarebytes recorded increased detections of nearly 110 percent between February and March for the malware AveMaria, a dangerous remote access trojan that can provide remote desktop access and remote webcam control, with the additional ability to steal passwords.
- Malwarebytes recorded increased detections of more than 160 percent between February and March for the malware DanaBot, an invasive trojan and information stealer that can swipe online banking account credentials.
- Phishing campaigns appear to be the most popular attack method, but cybercriminals have also gotten creative with fraudulent websites that hide malware.
- A 26 percent increase in credit card skimming activity in March puts home shoppers at greater risk
For inquiries, email us at firstname.lastname@example.org