
You have to be very on-trend as a cybercrook – hence why coronavirus-themed phishing is this year's must-have look

F-Secure gives its take on the first half of 2020 in internet scumminess


Coronavirus-themed malicious emails were the standout feature of online naughtiness in the first half of 2020, according to infosec firm F-Secure – though overall volumes of phishing did decrease a touch.

"Cyber criminals don't have many operational constraints, so they can quickly respond to breaking events and incorporate them into their campaigns," said Calvin Gan, a manager with F-Secure's Tactical Defense Unit, in a canned statement. "The earliest days of the COVID-19 outbreak left a lot of people confused or worried, and attackers predictably tried to prey on their anxieties."

Spam and other email-dependent lures mostly switched to using coronavirus-themed messaging in the first half of 2020, with finance being the most frequently spoofed industry in phishing emails seen by the Finnish company.

Observed attack attempts included an Emotet banking trojan campaign targeting Japan in January after the nation confirmed its first coronavirus infection. The email spreading it purported to be an official warning from a public health body.

Email accounted for just over half of observed infection attempts in the first six months of the year, up from 43 per cent last year. Exploit kit usage was virtually level year-on-year at 10 per cent in H1 2020 versus 9 per cent in H1 2019.

"We also saw atypical archive and compression file types, such as .gz and .ace, being used to get around mail gateways configured to detect malware executables enclosed in more conventional formats like .zip," said F-Secure in its full Attack Landscape H1 2020 report. The company added that its honeypots experienced 2.8 billion attack attempts between January and June, compared with 2.9 billion over the same period in 2019.
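The gateway gap F-Secure describes can be narrowed by identifying archives from their leading bytes rather than the attachment name. The following is an added example, not code from F-Secure or the article; the function names, the "only .zip is unpacked" policy and the sample message are assumptions constructed for illustration.

```python
import gzip
from email import message_from_bytes, policy
from email.message import EmailMessage

# (offset, signature, kind): well-known container signatures
ARCHIVE_MAGIC = [
    (0, b"PK\x03\x04", "zip"),
    (0, b"\x1f\x8b", "gzip"),
    (7, b"**ACE**", "ace"),
]
EXT_TO_KIND = {".zip": "zip", ".gz": "gzip", ".ace": "ace"}

def sniff_archive(data):
    """Return the archive kind indicated by the content, or None."""
    for offset, sig, kind in ARCHIVE_MAGIC:
        if data[offset:offset + len(sig)] == sig:
            return kind
    return None

def audit_attachments(raw_message):
    """List attachments that a zip-only gateway (assumed policy) would not unpack."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        kind = sniff_archive(data)
        if kind is None or kind == "zip":
            continue  # not an archive, or a format the gateway already inspects
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        mismatch = EXT_TO_KIND.get(ext) != kind  # name hides the real format
        findings.append((name, kind, mismatch))
    return findings

def build_sample():
    """Constructed message: gzip data named .pdf, an ACE header, a text file."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("See attached.")
    blobs = [("notice.pdf", gzip.compress(b"placeholder")),
             ("advice.ace", b"\x00" * 7 + b"**ACE**" + b"\x00" * 16),
             ("readme.txt", b"plain text")]
    for name, blob in blobs:
        msg.add_attachment(blob, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in audit_attachments(build_sample()):
        print(finding)
```

Each finding is a `(filename, detected kind, name mismatch)` tuple that a gateway could use to quarantine the message or route the attachment to an unpacker that understands the format.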

Diving down the stack, telnet and SSH were the two most frequently scanned ports that F-Secure had seen, while infostealers were the most common type of malware, with the Lokibot banking trojan being the most popular malware family.

Intriguingly, the company also noted a spike in fake cloud email notifications targeting Office 365 users during April. "Notifications from cloud services are normal and employees are accustomed to trusting them. Attackers taking advantage of that trust to compromise targets is perhaps the biggest challenge companies need to address when migrating to the cloud," said Teemu Myllykangas, F-Secure director of B2B product management, in a statement.

F-Secure called for the entire IT industry to "work toward reducing the success rate of email as an attack vector, not only through technology enhancement, but also by companies evolving their cyber security strategies".

While it is true that most compromises nowadays come through basic attack vectors – typically, someone opening an email attachment that they shouldn't have – calling for the entire industry to fix a problem as old as email itself seems a little bold.

No harm in trying, though. ®
