You have to be very on-trend as a cybercrook – hence why coronavirus-themed phishing is this year's must-have look
F-Secure gives its take on the first half of 2020 in internet scumminess
Coronavirus-themed malicious emails were the standout feature of online naughtiness in the first half of 2020, according to infosec firm F-Secure – though overall volumes of phishing did decrease a touch.
"Cyber criminals don't have many operational constraints, so they can quickly respond to breaking events and incorporate them into their campaigns," said Calvin Gan, a manager with F-Secure's Tactical Defense Unit, in a canned statement. "The earliest days of the COVID-19 outbreak left a lot of people confused or worried, and attackers predictably tried to prey on their anxieties."
Spam and other email-dependent lures mostly switched to using coronavirus-themed messaging in the first half of 2020, with finance being the most frequently spoofed industry in phishing emails seen by the Finnish company.
Observed attack attempts included an Emotet banking trojan campaign targeting Japan in January after the nation confirmed its first coronavirus infection. The email spreading it purported to be an official warning from a public health body.
Email accounted for just over half of observed infection attempts in the first six months of the year, up from 43 per cent last year. Exploit kit usage was virtually level year-on-year at 10 per cent in H1 2020 versus 9 per cent in H1 2019.
"We also saw atypical archive and compression file types, such as .gz and .ace, being used to get around mail gateways configured to detect malware executables enclosed in more conventional formats like .zip," said F-Secure in its full Attack Landscape H1 2020 report. The company added that its honeypots experienced 2.8 billion attack attempts between January and June, compared with 2.9 billion over the same period in 2019.
Diving down the stack, telnet and SSH were the two most frequently scanned ports that F-Secure had seen, while infostealers were the most common type of malware, with the Lokibot banking trojan being the most popular malware family.
Intriguingly, the company also noted a spike in fake cloud email notifications targeting Office 365 users during April. "Notifications from cloud services are normal and employees are accustomed to trusting them. Attackers taking advantage of that trust to compromise targets is perhaps the biggest challenge companies need to address when migrating to the cloud," said Teemu Myllykangas, F-Secure director of B2B product management, in a statement.
F-Secure called for the entire IT industry to "work toward reducing the success rate of email as an attack vector, not only through technology enhancement, but also by companies evolving their cyber security strategies".
While it is true that most compromises nowadays come through basic attack vectors – typically, someone opening an email attachment that they shouldn't have – calling for the entire industry to fix a problem as old as email itself seems a little bold.
No harm in trying, though. ®