The COVID-19 pandemic is a gold mine for cybercriminals, and Malwarebytes’ new report finds the recent flood of malware threats “all have one big thing in common — using coronavirus as a lure.”
Released today, the Cybercrime Tactics and Techniques: Attack on Home Base report analyzes the trojans, info stealers and botnets that cybercriminals delivered to more homes from January to March of this year. In addition to attack volume, the report focuses on the models used to try to trick unsuspecting victims.
“The coronavirus pandemic has left the world looking very different at the end of the quarter than it did at the beginning,” the special report states.
“For starters, millions of workers are out of the office and working from their homes. … Employees are accessing company resources through VPNs, utilizing cloud-based services, and spending countless hours chatting on communication tools, all while connecting through personal networks and machines.
“In response, cybercriminals have been deploying campaigns to trick users into installing malware that steals login information for these sites, as well as provide remote control of the endpoint to the attacker.”
Key findings include:
- Cybercriminals quickly transitioned to delivering years-old malware with brand new campaigns that preyed on the confusion, fear and uncertainty surrounding the global pandemic.
- The backdoor malware NetWiredRC, which laid low for roughly five months in 2019, dramatically increased activity at the start of 2020 — with a detection increase of at least 200 percent by March, compared to December.
- Malwarebytes recorded increased detections of nearly 110 percent between February and March for the malware AveMaria, a dangerous remote access trojan that can provide remote desktop access and remote webcam control, and can steal passwords.
- Detections shot up more than 160 percent between February and March for DanaBot, an invasive trojan and information stealer that can swipe online banking account credentials.
- Phishing campaigns appear to be the most popular attack method, but cybercriminals have also been creative with fraudulent websites that hide malware.
- A 26 percent increase in credit card skimming activity in March puts home shoppers at greater risk.
The report recommends boosting security by taking the following steps.
- Run security software on every system that is connected to your home network and used regularly. “With this current flood of attacks, the malware families being deployed will change quickly to avoid detection and be difficult to defeat without updated security tools that monitor system applications and behavior,” the report warns.
- Use a virtual private network (VPN). This will not keep you protected from malware; however, it will help keep your browser or connection from revealing personal information or being used to trace your behavior. This adds a measure of layered protection when you shop online.
- Use trusted sources for information, shopping or applications. The spread of misinformation allows many of the attacks mentioned in the report to flourish — so relying on certain trusted vendors, websites and news sources is the best approach.
- Avoid repeated entries of credit card numbers into applications. Use something like PayPal, Apple Pay, Samsung Pay, or Google Pay, which can offer greater security of your financial information and reduce the chance that your card information will be spread online.
- If there are identified active infections, or a suspected system or data compromise, change online service passwords on a separate, trusted computer, then thoroughly clean the suspected system with an anti-malware application.
See the full report here: https://resources.malwarebytes.com/files/2020/05/CTNT_Q1_2020_COVID-Report_Final.pdf