Internet security company Malwarebytes Labs has released a Covid-19 themed quarterly Cybercrime Tactics and Techniques report. In it, the firm's experts say they have noticed a spike in malware attacks over the last three months. The attackers are using the coronavirus as a common theme to lure users. The report, named “Cybercrime tactics and techniques: Attack on home base”, revolves around the recent malware threats. The experts at Malwarebytes Labs analyzed botnets, Trojans and info stealers and found that unsuspecting victims are falling for these attacks more often than for past attacks.
Covid-19 pandemic changed how the world functions
In the last three months, the world has changed drastically. Millions of workers have been asked to work from home. Everyone is trying to practice social distancing to curb the spread of coronavirus. This pandemic has brought an unexpected opportunity for cybercriminals. Experts said that while working from home, employees access their company’s resources through VPNs and cloud-based services. They are spending countless hours staying connected to their team members via communication tools.
Cybercriminals using fear and empathy to lure victims
Cybercriminals are using this opportunity to deploy campaigns that lure victims into installing malicious code in the form of malware on their computers. This malware can not only steal personal information and login credentials from the victim’s computer but is also capable of granting the attackers remote access to the computer.
The CTNT report has captured the actual methods these attackers are using to lure unsuspecting victims. The researchers found emails and attachments with malicious code where the email’s content suggested ways to use a face mask properly. In one instance, the email was designed to look like a campaign by UNICEF. The attackers have even impersonated the global case trackers from Johns Hopkins University.
After following these attack methods for months, the researchers at Malwarebytes Labs found that those who have the desire to offer support during a pandemic are more prone to such attacks. During the investigations, they also warned about a possible Pakistani state-sponsored threat actor whose campaign contained a remote access Trojan. It was targeting high-ranking officials to steal sensitive information. The team found countless campaigns designed to look like snake-oil pitches that in fact contained data stealers, keyloggers and ransomware.
Notable takeaways from the Malwarebytes Labs report
- The experts suggested that cybercriminals are using years-old malware after rebranding it with new campaigns, preying on the uncertainty, fear and confusion during the coronavirus pandemic.
- They found that the backdoor malware NetWiredRC re-emerged at the beginning of 2020 after staying dormant for around five months in 2019. They noticed a 200 percent increase in its detection.
- Between January and February, researchers noticed a spike in malware activity, but it was only a precursor to the considerable increase in activity in late February and March.
- There was an increase of 110 percent in the detection of the malware AveMaria during February and March. It is a potent remote access Trojan that gives the attackers access to the victim's webcam and computer. It is also capable of stealing passwords and credentials.
- The researchers at Malwarebytes Labs noted an increase of 160 percent in the detection of the malware DanaBot, an invasive Trojan known to steal credentials for online banking accounts.
- Phishing campaigns remained the most popular method of initiating an attack. The cybercriminals designed their fraudulent websites very carefully so that regular users would not be able to spot the malware.
- There was a 26 percent increase in credit card skimming activity during March, which puts home shoppers at higher risk.
What should you do?
If you are an administrator in an organization, inform the employees about the possible threats. Ask them not to open any email or attachment from unknown email addresses. The same goes for messages. If a link originates from an unknown source, do not click it. Do not click on shortened URLs from unknown sources. Use only reputable antivirus and antispyware software and keep it updated.
Read the Malwarebytes Labs report here.