Capturing the Cyber Threats on Home Base Amidst COVID-19

While staying in and working from home has become a new normal amidst the COVID-19, it has increased the risk of cyber threats as cybercriminals prey on people’s fear, remote tools, and stressed IT systems. Here’s a look at how the cyber threat landscape has transitioned in the past five months.

Attacks on remote tools surge

Since the outbreak of the Coronavirus, millions of workers working from home are accessing organizations’ resources through VPNs, video-conferencing apps, and other cloud-based services. Unfortunately, this has created an opportunity for cybercriminals to deploy campaigns against these tools to gain remote access to networks and machines.
  • McAfee researchers reported a 630% rise in cloud-based cyber-attacks between January and April, 2020. These attacks were aimed at accessing cloud accounts with important credentials and targeted collaboration services like Microsoft Office 365.
  • According to CheckPoint, cybercriminals also impersonated video-conferencing apps like Zoom, Google Meet, and Microsoft Teams to lure victims in different phishing and malware attacks.
  • Several cyberattacks campaigns that leveraged fake VPN apps and unpatched VPNs were also carried out either to spread malware or trick users in scams.
  • Additionally, Kaspersky recorded around 100,000-150,000 attacks on the Remote Desktop Protocol (RDP) since the start of the outbreak.

Old malware make their comeback

Cybercriminals quickly transitioned to delivering years-old malware with brand new campaigns that preyed on people’s fear, confusion, and uncertainty surrounding the global Coronavirus pandemic. Countless phishing campaigns that hid a variety of keyloggers, ransomware and data stealers were detected in recent months:
  • According to Malwarebytes, the backdoor malware, NetWiredRC, which laid low for roughly five months in 2019, dramatically increased its activity by 200% by March 2020 when compared to last December.
  • Detection of AveMaria remote access trojan also jumped to nearly 110% between February and March, 2020. The malware can provide remote desktop access and remote webcam control, with the additional ability to steal passwords.
  • DanaBot, an invasive trojan and information stealer that can swipe online banking account credentials, had increased its activity by 160% between February and March 2020.
  • TrickBot, LokiBot, and AZORult among other information-stealing malware made comeback in several Coronavirus-themed campaigns.

A sneak peek into other threats

  • Though phishing campaigns appeared to be the most popular attack methods, cybercriminals found a new way to deliver their malware by hiding it in fake Coronavirus maps.
  • Home shoppers are at a greater risk than ever as Magecart attacks on online retailers and banks increased by 20% during the pandemic.
  • In addition, government-sponsored actors are trying to blend their attacks along with the flood of COVID-19-themed scams.