COVID-19 hackers cash-in as email phishing attacks rise

Barracuda researchers have been monitoring global phishing activity around Covid-19 since the start of the year, recoding 137 incidents in January, 1,188 in February, rising to 9,116 in March so far, an increase of 667% since the end of February. Between 1^st March and 23rd March 2020, Barracuda Sentinel detected a grand total of 467,825 email attacks globally. Breaking down the data, 9,116 of those detections were related to COVID-19, representing about two percent of attacks.

A variety of phishing campaigns are taking advantage of the heightened focus on COVID-19 to distribute malware, steal credentials, and scam users out of money. The attacks use common phishing tactics that are seen regularly, however a growing number of campaigns are using the coronavirus as a lure to try to trick distracted users capitalise on the fear and uncertainty of their intended victims.

Barracuda’s research team have seen three main types of phishing attacks using coronavirus COVID-19 themes — scamming, brand impersonation, and business email compromise. Of the coronavirus-related attacks detected by Barracuda Sentinel through to 23^rd March, 54% were scams, 34% are brand impersonation attacks, 11% were blackmail and one percent were business email compromise.

The goals of the attacks ranged from distributing malware to stealing credentials, and financial gain. One new type of ransomware our systems detected has even taken on the COVID-19 namesake and dubbed itself Coronavirus. Another scam email claimed they were looking to sell coronavirus cures or face masks or asking for investments in fake companies that claimed to be developing vaccines.

Additionally, scams in the form of donation requests for fake charities are another popular phishing method our researchers have seen taking advantage of Coronavirus. One example of a scam caught by the Barracuda systems claims to be from the World Health Community (which doesn’t exist but may be trying to take advantage of similarity to the World Health Organisation) and asks for donations to a Bitcoin wallet provided in the email.

Phishing attacks using COVID-19 as a hook are quickly getting more sophisticated. In the past few days, Barracuda researchers have seen a significant number of blackmail attacks popping up and a few instances of conversation hijacking. In comparison, until just a few days ago we were primarily seeing mostly scamming attacks. As of March 17, the breakdown corona-virus phishing attacks detected by Barracuda Sentinel, 77% were scams, 22% were brand impersonation, and one was business email compromise. We expect to see this trend toward more sophisticated attacks continue.

For example, researchers saw one blackmail attack that claimed to have access to personal information about the victim, know their whereabouts, and threatened to infect the victim and their family with coronavirus unless a ransom was paid. Barracuda Sentinel detected this particular attack 1,008 times over the span of two days.

Many of the scams that Barracuda Sentinel detected were looking to sell coronavirus cures or face masks or asking for investments in fake companies that claimed to be developing vaccines.

Scams in the form of donation requests for fake charities are another popular phishing method our researchers have seen taking advantage of coronavirus.

Dean Russell MP for Watford and member of the Health and Social Care Select Committee commented: “This is a new low for cyber criminals, who are acting like piranha fish, cowardly attacking people on mass when they are at their most vulnerable. It’s vital that the public remain vigilant against scam emails during this challenging time.

Chris Ross, SVP, Barracuda Networks added: “Our research shows that cyber criminals are exploiting the COVID-19 crisis by launching thousands of sophisticated email phishing attacks designed to trick unsuspecting workers into handing over passwords, log-in details and financial data. Many of these attacks are disguised as legitimate correspondence from organisations such as the World Health Organisation (WHO) and the National Health Service (NHS), offering help and advice, selling facemask protectionand charitable payments to help victims.

“It is absolutely vital that all employees are trained and supported to spot these scams, particularly at a time when they will be less vigilant and distracted due to working from home. All it takes is one mistake for the hackers to gain access to the company systems, allowing them to trigger a massive data breach and cause chaos.”