Malwarebytes just released a special edition of its latest quarterly Cybercrime Tactics and Techniques (CTNT) report. The report is entitled “Cybercrime tactics and techniques: Attack on home base” and focuses on recent malware threats, which all have one thing in common—using coronavirus as a lure.
This special, COVID-19 themed CTNT report for January 2020 to March 2020 looks at the most prominently spread malware families taking advantage of this crisis.
Additionally, this report provides a look into what the campaigns that spread these threats look like and the capabilities of the malware, along with information about card skimmers and APT attacks, wrapping up with some tips on staying safe.
Here are some key findings of the report.
- Cybercriminals quickly transitioned to delivering years-old malware with brand new campaigns that preyed on the confusion, fear, and uncertainty surrounding the global coronavirus pandemic.
- Malwarebytes discovered that the backdoor malware NetWiredRC, which laid low for roughly five months in 2019, dramatically increased its activity at the start of 2020, with a detection increase of at least 200 percent by March compared to last December.
- The period between January and February was, for several of the malware types analyzed, a precursor to even greater, increased detection activity between February and March.
- Malwarebytes recorded increased detections of nearly 110 percent between February and March for the malware AveMaria. This dangerous remote access trojan can provide remote desktop access and remote webcam control, with the additional ability to steal passwords.
- Malwarebytes recorded increased detections of more than 160 percent between February and March for the malware DanaBot, an invasive trojan and information stealer that can swipe online banking account credentials.
- Phishing campaigns appear to be the most popular attack method, but cybercriminals have also gotten creative with fraudulent websites that hide malware.
- A 26 percent increase in credit card skimming activity in March puts home shoppers at greater risk.
The threat landscape of the last few months has been very different from that of the end of 2019. Attacks in the COVID-19 era are focused on stealing information and using remote employees as doorways into more valuable networks. This recent activity suggests that security professionals need to place particular emphasis on spreading valuable security knowledge to protect people while they are working at home base.
Here’s a direct link to the full report: https://resources.malwarebytes.com/files/2020/05/CTNT_Q1_2020_COVID-Report_Final.pdf
Steven Bowcut, CPP, PSP is an award-winning journalist covering cyber and physical security. He is an editor and writer for Brilliance Security Magazine as well as other security and non-security online publications. Follow and connect with Steve on Twitter, Facebook, Instagram, and LinkedIn.