Pierluigi Paganini April 09, 2020

Microsoft shares new threat intelligence, the IT giant pointed out that malspam activities have not increased due to Coronavirus outbreak.

In recent weeks, security firms and experts reported numerous Coronavirus-themed attacks, now Microsoft shares new threat intelligence on malicious activities during the pandemic.

Despite threat actors are exploiting the current coronavirus pandemic to target users, Microsoft reports it hasn’t observed any spike in malware activity in this period, it only observed a change of lures.

“Our data shows that these COVID-19 themed threats are retreads of existing attacks that have been slightly altered to tie to this pandemic. This means we’re seeing a changing of lures, not a surge in attacks.” reads the report published by Microsoft.

Microsoft tracks thousands of phishing campaigns every week, the company revealed that of the millions of targeted messages observed only roughly 60,000 use the Coronavirus as a lure, it represents less than two percent of the total malspam traffic.

“Microsoft tracks thousands of email phishing campaigns that cover millions of malicious messages every week. Phishing campaigns are more than just one targeted email at one targeted user. They include potentially hundreds or thousands of malicious emails targeting hundreds or thousands of users, which is why they can be so effective. Of the millions of targeted messages we see each day, roughly 60,000 include COVID-19 related malicious attachments or malicious URLs.” continues Microsoft.

Crooks are adapting the templates of their malspam campaigns using COVID-19-related topics and subjects.

In many cases, attackers used spam and phishing messages impersonating trusted entities and authorities like the World Health Organization (WHO), the Centers for Disease Control and Prevention (CDC), and the Department of Health.

“While that number sounds very large, it’s important to note that that is less than two percent of the total volume of threats we actively track and protect against daily, which reinforces that the overall volume of threats is not increasing but attackers are shifting their techniques to capitalize on fear. Attackers are impersonating established entities like the World Health Organization (WHO),” continues Microsoft. “Centers for Disease Control and Prevention (CDC), and the Department of Health to get into inboxes. Here’s an example of what just one of these malicious emails looks like now compared to before the COVID-19 crisis:”

Microsoft warns that both cybercrime groups, like Emotet and Trickbot gangs, and nation-state actors are using Coronavirus as lures.

Microsoft confirmed that it has observed COVID-19 themed attacks against entities in almost any country in the world.

Experts also warned of advanced persistent threat and nation-state actors that have been observed targeting healthcare organizations using COVID-19-themed lures in their campaigns. 

The company praised the efficiency of its SmartScreen technology in preventing COVID-19-themed attacks, it also allowed to detects users visiting coronavirus-related domains through the URL scanning technology implemented in the Edge browser.

“In a single day, SmartScreen sees and processes more than 18,000 malicious COVID-19-themed URLs and IP addresses. This again shows us that attackers are getting more aggressive and agile in the delivery of their attacks – using the same delivery methods, but swapping out the malicious URLs on a more frequent basis in an effort to evade machine learning protections.” Microsoft says.

The experts recommend to be vigilant and to adopt security best practices.

Pierluigi Paganini

(SecurityAffairs – malware, Coronavirus)

[adrotate banner=”5″]

[adrotate banner=”13″]