COVID-19 affected the entire world and changed how people live and work. It also brought drastic changes in the tactics cybercriminals use in their attacks. A recent report has revealed that the prominent tactics observed during the pandemic include COVID-19-themed phishing emails, attacks on remote workers, and abuse of popular collaboration platforms.
What’s in the report?
According to a report from Kaspersky, one year into the COVID-19 pandemic, cybercriminals have completely changed their methods and tactics to exploit the phenomenal increase in online traffic.
- Email scamming and phishing are the most effective attacks used during this pandemic era. Fear and anxiety about the coronavirus are still enough to make social-engineering attacks succeed.
- Attack campaigns purporting to offer N95 masks or hand sanitizer (in which people were asked to enter their payment details) became another major threat over the course of the year.
- Moreover, impersonating COVID-19 authorities became a popular attack strategy, in which cybercriminals spread malware under the pretense of fake updates.
- The scammers often imitated leading authorities on the pandemic, such as the CDC and the World Health Organization, to give their emails an additional touch of legitimacy and fool recipients.
- In addition, they used lures involving delayed shipments, because ordering by mail skyrocketed during lockdowns. In 2020, delivery services were the most spoofed.
Attacks on remote workers and collaboration platforms
Along with the above tactics, cybercriminals used other types of attacks as well.
- Brute-Force Attacks on Remote Workers: During spring 2020, the world witnessed a barrage of attacks taking advantage of unsecured home networks. The number of brute-force attacks against RDP grew radically (with an almost 200% increase).
- Attacks on Collaboration Platforms: Attackers have been targeting users of various cloud services, mostly collaboration services such as Flock, Join.me, Slack, MS Teams, Zoom, and Webex.
That is not all: other themes that scammers have exploited include ongoing vaccinations or health passports for travel around the world. Therefore, it is important to stay alert whenever something related to the pandemic arrives in an email.