IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

COVID-19 spam increased during first half of 2020

Researchers say finance was the most frequently spoofed industry, with Facebook being the most imitated brand

Hooks on top of credit cards with a padlock in the background

Spam and malicious phishing emails increased during the first half of 2020, the latest research reveals, as cyber criminals moved quickly to take advantage of the COVID-19 disruption.

March and the following spring period saw a “significant increase” of malicious emails using COVID-19 issues as bait to manipulate users into exposing themselves to attacks and scams, according to F-Secure’s Attack Landscape H1 2020 report.

These coronavirus-tailored attacks ranged from attempts to trick users into ordering face masks from fake websites, to using malware with malicious attachments, the cybersecurity firm revealed.

Three-quarters of attachments in these emails also contained ‘infostealers’ – a type of malware that steals sensitive information from an infected system.

F-Secure said that a lack of operational constraints allows cyber criminals to respond quickly to breaking events and incorporate them into their campaigns.

“The earliest days of the COVID-19 outbreak left a lot of people confused or worried, and attackers predictably tried to prey on their anxieties," commented Calvin Gan, a manager with F-Secure's Tactical Defense Unit. "Spotting malicious emails isn't typically a priority for busy employees, which is why attackers frequently attempt to trick them into compromising organisations."

Perhaps unsurprisingly, the report discovered that finance was the most frequently spoofed industry used to trick recipients in phishing emails during the first half of the year, while Facebook was found to be the most imitated brand.

Email was the most popular way of spreading malware, accounting for more than half of all infection attempts, while infostealers topped the list of malware types. The ‘Lokibot’ malware family were the most common variations, F-Secure revealed, while Telnet and SSH were the most frequently scanned ports.

Elsewhere, attacks leveraging cloud-based email services are steadily increasing, the report added, with a significant spike in phishing emails that targeted Microsoft Office 365 users occurring back in April.

"Notifications from cloud services are normal and employees are accustomed to trusting them," explained Teemu Myllykangas, director of B2B Product Management at F-Secure. “Attackers taking advantage of that trust to compromise targets is perhaps the biggest challenge companies need to address when migrating to the cloud.

"Securing inboxes in general is already a challenge, so companies should consider a multilayer security approach that combines protection technologies and employee education to reduce their exposure to email threats."

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Schneider Electric unveils Grid Operations Platform as a Service on Microsoft Azure
cloud computing

Schneider Electric unveils Grid Operations Platform as a Service on Microsoft Azure

24 May 2022
T-Mobile unveils new 5G Advanced Network Solutions
Network & Internet

T-Mobile unveils new 5G Advanced Network Solutions

24 May 2022
Google unveils new Assured Open Source Software service
open source

Google unveils new Assured Open Source Software service

18 May 2022
Malwarebytes hires new channel chief to lead MSP and partner network
Managed service provider (MSP)

Malwarebytes hires new channel chief to lead MSP and partner network

18 May 2022

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022
Preparing for the 3G sunset
Network & Internet

Preparing for the 3G sunset

18 May 2022