Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Microsoft on COVID-19 Themed Cyberattacks

    microsoft cyberattackMicrosoft’s Threat Protection Intelligence Team has published a report providing a detailed look into the proliferation of COVID-19-themed phishing over the past several months. The researchers found that the timing of these attacks was often correlated with local news stories, the better to capitalize on peoples’ fears when tensions were highest.

    In the UK, for example, COVID-19-themed phishing attacks peaked when the US announced a travel ban to Europe. The country saw another spike in these attacks when Prime Minister Boris Johnson was moved to intensive care, but the attacks leveled off after Johnson was discharged from the hospital. South Korea saw a similar trend, with COVID-19 phishing peaking in May amid fears of a second wave of cases.

    “Malware campaigns, attack infrastructure, and phishing attacks all showed signs of this opportunistic behavior,” the researchers write. “These shifts were typical of the global threat landscape, but what was peculiar in this case was how the global nature and universal impact of the crisis made the cybercriminal’s work easier. They preyed on our concern, confusion, and desire for resolution.”

    Interestingly, the researchers present a graph showing that the global spike in COVID-19-themed phishing lures is “barely a blip” when viewed against the total number of phishing attempts during the same period. This indicates that cybercriminals continued operating as normal throughout the crisis, but modified some of their lures to exploit current events. The researchers explain that this strategy is consistent with how cybercriminals have always functioned.

    “Cybercriminals are adaptable and always looking for the best and easiest ways to gain new victims,” the researchers write. “Commodity malware attacks, in particular, are looking for the biggest risk-versus-reward payouts. The industry sometimes focuses heavily on advanced attacks that exploit zero-day vulnerabilities, but every day the bigger risk for more people is being tricked into running unknown programs or Trojanized documents. Likewise, defenders adapt and drive up the cost of successful attacks. Starting in April, we observed defenders greatly increasing phishing awareness and training for their enterprises, raising the cost and complexity barrier for cybercriminals targeting their employees. These dynamics behave very much like economic models if you turn ‘sellers’ to ‘cybercriminals’ and ‘customers’ to ‘victims.’”

    Microsoft concludes that organizations should invest in cross-domain signal analysis, patch management, and user education to ensure all their bases are covered. Attackers will always be shifting their tactics to overcome new security measures. New-school security awareness training can help your employees stay informed about the evolving threat landscape.

    Microsoft has the story: https://www.microsoft.com/security/blog/2020/06/16/exploiting-a-crisis-how-cybercriminals-behaved-during-the-outbreak/

     

    Return To KnowBe4 Security Blog

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    PST ResultsHere's how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry

    Go Phishing Now!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/phishing-security-test-offer

    Topics: Phishing, Security Awareness Training, KnowBe4, COVID-19

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews