You have to be very on-trend as a cybercrook – hence why coronavirus-themed phishing is this year's must-have look

F-Secure gives its take on the first half of 2020 in internet scumminess


Coronavirus-themed malicious emails were the standout feature of online naughtiness in the first half of 2020, according to infosec firm F-Secure – though overall volumes of phishing did decrease a touch.

"Cyber criminals don't have many operational constraints, so they can quickly respond to breaking events and incorporate them into their campaigns," said Calvin Gan, a manager with F-Secure's Tactical Defense Unit, in a canned statement. "The earliest days of the COVID-19 outbreak left a lot of people confused or worried, and attackers predictably tried to prey on their anxieties."

Spam and other email-dependent lures mostly switched to using coronavirus-themed messaging in the first half of 2020, with finance being the most frequently spoofed industry in phishing emails seen by the Finnish company.

Observed attack attempts included an Emotet banking trojan campaign targeting Japan in January after the nation confirmed its first coronavirus infection. The email spreading it purported to be an official warning from a public health body.

Email accounted for just over half of observed infection attempts in the first six months of the year, up from 43 per cent last year. Exploit kit usage was virtually level year-on-year at 10 per cent in H1 2020 versus 9 per cent in H1 2019.

"We also saw atypical archive and compression file types, such as .gz and .ace, being used to get around mail gateways configured to detect malware executables enclosed in more conventional formats like .zip," said F-Secure in its full Attack Landscape H1 2020 report. The company added that its honeypots experienced 2.8 billion attack attempts between January and June, compared with 2.9 billion over the same period in 2019.

Diving down the stack, telnet and SSH were the two most frequently scanned ports that F-Secure had seen, while infostealers were the most common type of malware, with the Lokibot banking trojan being the most popular malware family.

Intriguingly, the company also noted a spike in fake cloud email notifications targeting Office 365 users during April. "Notifications from cloud services are normal and employees are accustomed to trusting them. Attackers taking advantage of that trust to compromise targets is perhaps the biggest challenge companies need to address when migrating to the cloud," said Teemu Myllykangas, F-Secure director of B2B product management, in a statement.

F-Secure called for the entire IT industry to "work toward reducing the success rate of email as an attack vector, not only through technology enhancement, but also by companies evolving their cyber security strategies".

While it is true that most compromises nowadays come through basic attack vectors – typically, someone opening an email attachment that they shouldn't have – calling for the entire industry to fix a problem as old as email itself seems a little bold.

No harm in trying, though. ®
