As the hysteria related to the Coronavirus pandemic begins to wind down, so does the prevalence of overall COVID-19-themed malware and ransomware attacks
Microsoft’s Threat Protection Intelligence Team recently said that despite all the media hoopla over the past several years, the malware attacks that utilized COVID-19 themes barely registered a blip as far as the total volume of threats the company sees on a monthly basis. COVID-19-themed malware attacks recently included emails carrying malicious file attachments or malspam, which are emails containing malicious links that redirect users to phony sites or malware downloads.
According to Microsoft, the first attacks using a coronavirus theme occurred after the World Health Organization declared COVID-19 a global pandemic on January 30th of 2020. As people looked for more information regarding the growing pandemic, attacks intensified, and peaked in March as most of the world enforced stay-at-home orders.
“The week following [the WHO] declaration saw these attacks increase eleven-fold,” Microsoft said. “By the end of March, every country in the world had seen at least one COVID-19-themed attack.”
However, Microsoft says that the attacks plateaued soon after, and as public interest in COVID-19 died down, and then malware operations settled into a “new normal.” Microsoft also said that most of the coronavirus campaigns tracked were highly localized. Hackers usually targeted users in a specific country and weaponized the local news to increase the chances of success.
“They preyed on our concern, confusion, and desire for resolution,” Microsoft said
As outbreaks involving Lokibot, Emotet, and TrickBot started to appear, Microsoft also said that those malware groups didn’t put any particular effort into exploiting the COVID-19 angle. Currently, Microsoft says Coronavirus-themed hacking attacks have gone down, but they are still higher than in early February when the attacks first started, so they haven’t completely died out for good just yet.
Going forward, Microsoft believes that the attacks will persist as long as COVID-19 remains in the headlines. Nevertheless, Microsoft says COVID-19 seems to be just an outlier in the general threat landscape, where most of the attacks continue to be the typical phishing and identity theft scams that are generally seen.