Cyber Crime

Less than 2% of all daily malspam are Coronavirus-themed attacks, Microsoft reports

Microsoft shares new threat intelligence, the IT giant pointed out that malspam activities have not increased due to Coronavirus outbreak.

In recent weeks, security firms and experts reported numerous Coronavirus-themed attacks, now Microsoft shares new threat intelligence on malicious activities during the pandemic.

Despite threat actors are exploiting the current coronavirus pandemic to target users, Microsoft reports it hasn’t observed any spike in malware activity in this period, it only observed a change of lures.

“Our data shows that these COVID-19 themed threats are retreads of existing attacks that have been slightly altered to tie to this pandemic. This means we’re seeing a changing of lures, not a surge in attacks.” reads the report published by Microsoft.

Microsoft tracks thousands of phishing campaigns every week, the company revealed that of the millions of targeted messages observed only roughly 60,000 use the Coronavirus as a lure, it represents less than two percent of the total malspam traffic.

“Microsoft tracks thousands of email phishing campaigns that cover millions of malicious messages every week. Phishing campaigns are more than just one targeted email at one targeted user. They include potentially hundreds or thousands of malicious emails targeting hundreds or thousands of users, which is why they can be so effective. Of the millions of targeted messages we see each day, roughly 60,000 include COVID-19 related malicious attachments or malicious URLs.” continues Microsoft.

Crooks are adapting the templates of their malspam campaigns using COVID-19-related topics and subjects.

In many cases, attackers used spam and phishing messages impersonating trusted entities and authorities like the World Health Organization (WHO), the Centers for Disease Control and Prevention (CDC), and the Department of Health.

“While that number sounds very large, it’s important to note that that is less than two percent of the total volume of threats we actively track and protect against daily, which reinforces that the overall volume of threats is not increasing but attackers are shifting their techniques to capitalize on fear. Attackers are impersonating established entities like the World Health Organization (WHO),” continues Microsoft. “Centers for Disease Control and Prevention (CDC), and the Department of Health to get into inboxes. Here’s an example of what just one of these malicious emails looks like now compared to before the COVID-19 crisis:”

Microsoft warns that both cybercrime groups, like Emotet and Trickbot gangs, and nation-state actors are using Coronavirus as lures.

Microsoft confirmed that it has observed COVID-19 themed attacks against entities in almost any country in the world.

Experts also warned of advanced persistent threat and nation-state actors that have been observed targeting healthcare organizations using COVID-19-themed lures in their campaigns. 

The company praised the efficiency of its SmartScreen technology in preventing COVID-19-themed attacks, it also allowed to detects users visiting coronavirus-related domains through the URL scanning technology implemented in the Edge browser.

“In a single day, SmartScreen sees and processes more than 18,000 malicious COVID-19-themed URLs and IP addresses. This again shows us that attackers are getting more aggressive and agile in the delivery of their attacks – using the same delivery methods, but swapping out the malicious URLs on a more frequent basis in an effort to evade machine learning protections.” Microsoft says.

The experts recommend to be vigilant and to adopt security best practices.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – malware, Coronavirus)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

5 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

17 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

21 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

Finnish police linked APT31 to the 2021 parliament attack

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to…

1 day ago

This website uses cookies.