COVID-19 and Fundamental Changes in Cyberattacks

What’s in the report?

• Email scamming and phishing are the most effective attacks used during this pandemic era. Fear and anxiety regarding coronavirus are still capable enough for carrying out successful social-engineering attacks.
• Attack campaigns purporting to offer N95 masks or hand sanitizer (in which people were asked to enter their payment details) became another major threat over the course of the year.
• Moreover, impersonating COVID-19 authorities became a popular attack strategy, in which cybercriminals were spreading malware in the pretense of fake updates.
• The scammers often imitated leading authority figures on the pandemic, such as CDC and the World Health Organization, to give their emails additional touch of legitimacy to fool recipients.
• In addition, they used lures involving delayed shipments, because ordering by mail skyrocketed during lockdowns. In 2020, delivery services were the most-spoofed.

Attacks on remote workers and collaboration platforms

• Brute-Force Attacks on Remote Workers: During spring 2020, the world witnessed a barrage of attacks taking advantage of unsecured home networks. The number of brute-force attacks against RDP grew radically (with an almost 200% increase).
• Attacks on Collaboration Platforms: Cyberattackers have been targeting users of various cloud services, mostly collaboration services such as Flock, Join.me, Slack, MS Teams, Zoom, and Webex. 

Conclusion