Cyber criminals are cashing-in on the COVID-19 crisis by launching a wave of Coronavirus-related email attacks, according to new research from Barracuda Networks.
Barracuda researchers have been monitoring global phishing activity around Covid-19 since the start of the year, recording 137 incidents in January, 1,188 in February, rising to 9,116 in March so far, an increase of 667% since the end of February.
Between 1st March and 23rd March 2020, Barracuda Sentinel detected a grand total of 467,825 email attacks globally. Breaking down the data, 9,116 of those detections were related to COVID-19, representing about 2% of attacks.
A variety of phishing campaigns are taking advantage of the heightened focus on COVID-19 to distribute malware, steal credentials, and scam users out of money. The attacks use common phishing tactics that are seen regularly, however a growing number of campaigns are using the coronavirus as a lure to try to trick distracted users capitalise on the fear and uncertainty of their intended victims.
Barracuda’s research team have seen three main types of phishing attacks using coronavirus COVID-19 themes — scamming, brand impersonation, and business email compromise. Of the coronavirus-related attacks detected by Barracuda Sentinel through to 23rd March, 54% were scams, 34% were brand impersonation attacks, 11% were blackmail and 1% were business email compromise.
The goals of the attacks ranged from distributing malware to stealing credentials, and financial gain. One new type of ransomware Barracuda Networks’ systems detected has even taken on the COVID-19 namesake and dubbed itself Coronavirus. Another scam email claimed they were looking to sell coronavirus cures or face masks or asking for investments in fake companies that claimed to be developing vaccines.
Additionally, scams in the form of donation requests for fake charities are another popular phishing method our researchers have seen taking advantage of Coronavirus. One example of a scam caught by the Barracuda systems claims to be from the World Health Community (which doesn’t exist but may be trying to take advantage of similarity to the World Health Organisation) and asks for donations to a Bitcoin wallet provided in the email.
Phishing attacks using COVID-19 as a hook are quickly getting more sophisticated. In the past few days, Barracuda researchers have seen a significant number of blackmail attacks popping up and a few instances of conversation hijacking. In comparison, until just a few days ago the company was primarily seeing mostly scamming attacks. The company expects to see this trend towards more sophisticated attacks continue.
For example, researchers saw one blackmail attack that claimed to have access to personal information about the victim, know their whereabouts, and threatened to infect the victim and their family with coronavirus unless a ransom was paid. Barracuda Sentinel detected this particular attack 1,008 times over the span of two days.
Dean Russell MP for Watford and member of the Health and Social Care Select Committee comments, “This is a new low for cyber criminals, who are acting like piranha fish, cowardly attacking people en masse when they are at their most vulnerable. It’s vital that the public remain vigilant against scam emails during this challenging time.”
Chris Ross, SVP, Barracuda Networks, added, “Our research shows that cyber criminals are exploiting the COVID-19 crisis by launching thousands of sophisticated email phishing attacks designed to trick unsuspecting workers into handing over passwords, log-in details and financial data. Many of these attacks are disguised as legitimate correspondence from organisations such as the World Health Organisation and the NHS, offering help and advice, selling facemask protection and charitable payments to help victims.