In comments echoing those it made at the start of the crisis, the Microsoft Threat Protection Intelligence Team claimed that even the peak of COVID-related attacks in the first two weeks of March was “barely a blip in the total volume of threats we typically see in a month.”
These were opportunistic attempts to exploit huge public interest in the virus via mainly localized phishing lures, which is why they increased 11-fold the week after the World Health Organization (WHO) officially named the pandemic “COVID-19.”
“This surge of COVID-19 themed attacks was really a repurposing from known attackers using existing infrastructure and malware with new lures,” said Microsoft. “In fact, the overall trend of malware detections worldwide did not vary significantly during this time.”
Although COVID-themed attacks remain higher than they were in early February and will continue as long as the virus does, the vast majority of threats are more typical phishing and identity compromise attempts, it continued.
The key takeaway for IT security teams is that while phishing lures can change quickly, the underlying malware remains the same.
They should therefore double down on enhanced user awareness training programs, “cross-domain signal analysis,” and patching, said Microsoft.
“These COVID-19 themed attacks show us that the threats our users face are constant on a global scale. Investments that raise the cost of attack or lower the likelihood of success are the optimal path forward,” it concluded.
“Focus on behaviors of attackers will be more effective than just examining indicators of compromise, which tend to be more signals in time than durable.”
Google claimed back in April that it was blocking 18 million malware and phishing emails linked to COVID each day, although it also admitted that “in many cases” these threats were not new but repurposed from other campaigns.
Source: Infosecurity Magazine