Developing Story: COVID-19 Used in Malicious Campaigns

COVID-19 is being used in a variety of malicious campaigns, including email spam, business email compromise (BEC), malware, ransomware, and malicious domains. As the number of those afflicted continues to surge by thousands, campaigns that use the disease as a lure likewise increase. Trend Micro researchers periodically source samples from COVID-19-related malicious campaigns. This report also includes detections from other researchers.

Exploiting current events in attacks is nothing new for threat actors, who time and again use hot topics, occasions, and popular personalities in their social engineering strategies.

Update as of November 11

COVID-19 still filled the headlines in the third quarter of 2020, and Trend Micro’s monitoring showed that cyberthreats that used the virus as a lure increased exponentially in September. This spike in malicious activity coincided with a shift in social engineering tactics: instead of using COVID-19 information to trick users, criminals used coronavirus-related school updates and job listings. For example, many schools required more information about students’ health as part of their safety protocols for combating the virus. In late October, security firm Malwarebytes Lab found ransomware hidden in a fake health survey targeting staff at the University of British Columbia (UBC).

Headers used in phishing emails have also changed. Instead of using COVID-19 as the subject, malicious actors are using subject lines related to job opportunities to trick users into opening spam mail. Many people are out of work due to the economic downturn caused by the pandemic and are eager to find job openings. Threat actors are aware of what users click on and use the most obvious bait to make their schemes more effective.