As the world grapples with the new coronavirus, COVID-19, attackers are taking advantage of the widespread discussion of COVID-19 in emails and across the web.
Our partners in Barracuda have seen a steady increase in the number of coronavirus COVID-19-related spear-phishing attacks since January, but they have observed a recent spike in this type of attack, up 667-percent since the end of February.
Between March 1 and March 23, Barracuda has detected 467,825 spear-phishing email attacks, and 9,116 of those detections were related to COVID-19, representing about 2 percent of attacks. In comparison, a total of 1,188 coronavirus-related spear-phishing attacks were detected in February, and just 137 were detected in January. Although the overall number of these attacks is still low compared to other threats, the threat is growing quickly.
Coronavirus-Related Phishing — A variety of phishing campaigns are taking advantage of the heightened focus on COVID-19 to distribute malware, steal credentials, and scam users out of money. The attacks use common phishing tactics that are seen regularly, however a growing number of campaigns are using the coronavirus as a lure to try to trick distracted users capitalize on the fear and uncertainty of their intended victims. The FBI recently issued an alert about these types of attacks.
Barracuda researchers have seen three main types of phishing attacks using coronavirus COVID-19 themes — scamming, brand impersonation, and business email compromise. Of the coronavirus-related attacks detected by Barracuda Sentinel through March 23, 54 percent were scams, 34 percent were brand impersonation attacks, 11 percent were blackmail, and 1 percent are business email compromise.
Phishing attacks using COVID-19 as a hook are quickly getting more sophisticated. In the past few days, Barracuda researchers have seen a significant number of blackmail attacks popping up and a few instances of conversation hijacking. In comparison, until just a few days ago we were primarily seeing mostly scamming attacks. As of March 17, the breakdown corona-virus phishing attacks detected by Barracuda Sentinel, 77 percent were scams, 22 percent were brand impersonation, and 1 were business email compromise. We expect to see this trend toward more sophisticated attacks continue.
Goals of the attacks ranged from distributing malware to stealing credentials, and financial gain. One new type of ransomware our systems detected has even taken on the COVID-19 namesake and dubbed itself CoronaVirus.
Skilled attackers are good at leveraging emotions to elicit response to their phishing attempts, such as the ongoing sextortion campaigns, which rely on embarrassment and fear to scam people out of money. With the fear, uncertainty, and even sympathy stemming from the coronavirus COVID-19 situation, attackers have found some key emotions to leverage.
For example, we saw one blackmail attack that claimed to have access to personal information about the victim, know their whereabouts, and threatened to infect the victim and their family with coronavirus unless a ransom was paid. Barracuda Sentinel detected this particular attack 1,008 times over the span of two days.