COVID-19 Themed Attacks Ramp up, Become the Biggest Phishing Threat

As the pandemic continues to impact the world, hackers are making headway on new phishing schemes that leverage users’ fears, doubt, and uncertainty around COVID-19. New research from KnowBe4 has revealed that coronavirus-related phishing emails remained the most promising attack type during the third-quarter of 2020 and will continue to foray into the last quarter. 

Email subject lines used in the wild

According to KnowBe4, the following email subject lines based around COVID-19 were popular among threat actors:
  • Payroll Deduction Form 
  • Please review the leave law requirements 
  • Password Check Required Immediately 
  • Required to read or complete: “COVID-19 Safety Policy” 
  • COVID-19 Remote Work Policy Update 
  • Vacation Policy Update 
  • Scheduled Server Maintenance -- No Internet Access 
  • Your team shared the "COVID 19 Amendment and Emergency leave pay policy" with you via OneDrive 
  • Official Quarantine Notice 
  • COVID-19: Return To Work Guidelines and Requirements 

A sneak peek into recent phishing trends 

  • Armorblox spotted a new credential phishing campaign that exploited the IRS, coronavirus, and SharePoint to trick users. The email promised an important update on the recipient’s COVID-19 relief funds to be disbursed to the person’s address. Instead, it was used to spread the personal information of users.
  • Towards the end of September, scammers leveraged the recent COVID-19 financial grant announced by Facebook as bait to steal users’ identity. In this attempt, a fake CNBC news was used to post the announcement.
  • In mid-September, U.K business owners were targeted in a new phishing scam that impersonated Her Majesty’s Revenue and Customs (HMRC) and informed victims about the new updates on COVID-19 tax relief.

What else?

Besides phishing, the pandemic became a popular channel to spread malware. In an incident, cybercrooks had used the ‘U.S. President testing positive for COVID-19’ theme to distribute BazarLoader malware.

Key takeaway

Since the beginning of 2020, the pandemic has opened a variety of opportunities for new and unique espionage attacks. The year, moreover, witnessed a spike in attacks from state-sponsored actors in a bid to steal vaccine development research. At a time when ransomware kits are sold on the dark web, hackers leveraging COVID-19 for malicious activities have become even more concerning.