

Virus v Virus: cybercriminals exploit COVID-19 fears

By INDI SIRINIWASA, VP at Trend Micro Sub-Saharan Africa



Even though COVID-19 statistics change as rapidly as the virus is spreading, some estimates have half the world’s population under some form of lockdown. Beyond the humanitarian crisis of the coronavirus, the number of people either placed on enforced leave or working from home is putting a massive strain on cybersecurity systems.

It is unfortunate, but as the virus intensifies in volume and scope, so does the wave of attacks and campaigns that use it as bait. According to Trend Micro research, almost 66% of threats using COVID-19 as bait revolve around spam emails.

From a spam perspective, the top two examples during the current lockdown relate to shipment notifications and coronavirus updates from the Department of Health. As has been seen with other global events, albeit on a lesser scale than COVID-19, threat actors seek to exploit current news as gateways into corporate back-end systems. By preying on people’s need for information, hackers have access to a treasure trove of potential targets.

The expected growth in email scam proliferation will see countries that are worst-hit by COVID-19 being targeted. This includes China and Italy, and extends to the United States and the United Kingdom. Of course, that does not mean South Africa will remain unaffected. Developing countries will always be a popular target given the perception that cybersecurity is not always up to the standard of international best practice.

Malware growth

Beyond spam, malware and malicious URLs have come in at second and third place, respectively, as the most prominent threats.

The United States (26.5%), Germany (13.3%), and the United Kingdom (10.4%) are the three top countries hosting COVID-19 related malicious URLs. Perhaps unsurprisingly, phishing (56.7%) and malware (34.3%) are the two preferred forms of malicious URLs exploiting the current global crisis. This highlights how social engineering remains the most impactful way to compromise a system or device. It also shows that a company can have the most sophisticated cybersecurity software installed and rely on the most innovative policy and compliance regimes, but if people click on a compromised link or download malware, it all counts for nothing.

The Emotet malware strain, initially functioning as a banking trojan when it was first discovered in 2014, has recently become a prominent tool in malicious coronavirus campaigns. As a banking malware variant, it stole data by sniffing out network activity. It quickly evolved into a more complex form that acted as a loader for other malware families. Such has been its effectiveness that it was one of the highest-ranked threats last year.

There are other examples of COVID-19 related distributed malware. An interactive coronavirus map was used to spread information-stealing malware. Additionally, mobile ransomware named CovidLock came from a malicious Android app that supposedly helps track cases of COVID-19.

So, while cybersecurity solutions are essential, these must form part of a multi-layered protection approach that prevents users from accessing malicious domains that could deliver malware. It is a continual fight that, despite current global concerns, must not be left by the wayside.