Just over 10% of all phishing attempts in Q1 were related to COVID-19.
According to research by Positive Technologies, 13% of phishing attacks were related to COVID-19 and the number of attacks increased by 22.5% from what was seen in Q4 of 2019. Yana Avezova, analyst at Positive Technologies, said: “Hackers were quick to use common concerns about coronavirus as lures in phishing emails. One out of every five emails was sent to government agencies.”
The research also determined there were 23 “very active” APT groups whose attacks in Q1 2020 mostly targeted government agencies, industrial, financial and medical institutions.
Also, more than a third (34%) of all malware attacks on organizations used ransomware, particularly where ransomware operators demanded a ransom in exchange for not disclosing stolen data. The research found that one out of every 10 ransomware attacks targeted industrial organizations.
At the beginning of the year, many cybersecurity experts found high levels of activity relating to a new ransomware called Snake, which is capable of stopping processes related to ICS operation and deleting backups or snapshots of files in use.
Jamie Akhtar, CEO and co-founder of CyberSmart, said the report isn’t surprising, as there was an “enormous spike in phishing campaigns, fake websites and social profiles that were deliberately impersonating COVID-19 and healthcare-related authorities as hackers exploited the unprepared public.”
He added: “Many of these phishing emails can be extremely convincing and are not likely to end soon.
“Businesses and their employees can protect themselves against these attacks in the future by using email filtering that will detect and flag suspicious email addresses and malicious links or attachments, but these often don't catch everything. Training employees on how to spot suspicious and phishing emails is the best way to prevent these kinds of attacks.”