You have to be very on-trend as a cybercrook – hence why coronavirus-themed phishing is this year's must-have look

F-Secure gives its take on the first half of 2020 in internet scumminess


Coronavirus-themed malicious emails were the standout feature of online naughtiness in the first half of 2020, according to infosec firm F-Secure – though overall volumes of phishing did decrease a touch.

"Cyber criminals don't have many operational constraints, so they can quickly respond to breaking events and incorporate them into their campaigns," said Calvin Gan, a manager with F-Secure's Tactical Defense Unit, in a canned statement. "The earliest days of the COVID-19 outbreak left a lot of people confused or worried, and attackers predictably tried to prey on their anxieties."

Spam and other email-dependent lures mostly switched to using coronavirus-themed messaging in the first half of 2020, with finance being the most frequently spoofed industry in phishing emails seen by the Finnish company.

Observed attack attempts included an Emotet banking trojan campaign targeting Japan in January after the nation confirmed its first coronavirus infection. The email spreading it purported to be an official warning from a public health body.

Email accounted for just over half of observed infection attempts in the first six months of the year, up from 43 per cent last year. Exploit kit usage was virtually level year-on-year at 10 per cent in H1 2020 versus 9 per cent in H1 2019.

"We also saw atypical archive and compression file types, such as .gz and .ace, being used to get around mail gateways configured to detect malware executables enclosed in more conventional formats like .zip," said F-Secure in its full Attack Landscape H1 2020 report. The company added that its honeypots experienced 2.8 billion attack attempts between January and June, compared with 2.9 billion over the same period in 2019.
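A gateway rule keyed to the .zip extension or a declared content type will not see the same kind of container arriving as .gz or .ace, so the check has to look at the bytes. The Python below is an added example, not code from F-Secure or this article: it classifies attachments by their magic bytes, and the function names and the sample message are constructed for illustration.

```python
import gzip
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# (offset, magic bytes, label) for the container formats named in the article.
SIGNATURES = [
    (0, b"\x1f\x8b", "gzip"),
    (0, b"PK\x03\x04", "zip"),
    (7, b"**ACE**", "ace"),  # the ACE marker sits 7 bytes into the header
]

def sniff_archive(payload: bytes):
    """Return the archive type indicated by the content, or None."""
    for offset, magic, label in SIGNATURES:
        if payload[offset:offset + len(magic)] == magic:
            return label
    return None

def archive_attachments(raw_message: bytes):
    """List (filename, detected_type) for every attachment whose content is an
    archive, whatever its file name or declared Content-Type says."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        kind = sniff_archive(payload)
        if kind:
            findings.append((part.get_filename(), kind))
    return findings

def build_sample() -> bytes:
    """Constructed test message: harmless payloads, some with misleading names."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("a.txt", "hello")
    samples = [
        ("notice.pdf", gzip.compress(b"hello")),                  # gzip named .pdf
        ("report.zip", zbuf.getvalue()),                          # conventional zip
        ("invoice.doc", b"\x00" * 7 + b"**ACE**" + b"\x00" * 8),  # ACE header stub
        ("readme.txt", b"plain text"),                            # not an archive
    ]
    for name, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Each finding can then be routed to whatever unpack-and-scan or quarantine policy the gateway already applies to .zip files.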

Diving down the stack, telnet and SSH were the two most frequently scanned ports that F-Secure had seen, while infostealers were the most common type of malware, with the Lokibot banking trojan being the most popular malware family.

Intriguingly, the company also noted a spike in fake cloud email notifications targeting Office 365 users during April. "Notifications from cloud services are normal and employees are accustomed to trusting them. Attackers taking advantage of that trust to compromise targets is perhaps the biggest challenge companies need to address when migrating to the cloud," said Teemu Myllykangas, F-Secure director of B2B product management, in a statement.

F-Secure called for the entire IT industry to "work toward reducing the success rate of email as an attack vector, not only through technology enhancement, but also by companies evolving their cyber security strategies".

While it is true that most compromises nowadays come through basic attack vectors – typically, someone opening an email attachment that they shouldn't have – calling for the entire industry to fix a problem as old as email itself seems a little bold.

No harm in trying, though. ®
