Cyber-Criminals Continue to Exploit #COVID19 During Q2

July 29, 2020

Cyber-criminals’ exploitation of the COVID-19 pandemic to target individuals and businesses has continued unabated during the second quarter of 2020, according to ESET’s Q2 2020 Threat Report published today. The findings highlight how the crisis is defining the cybersecurity landscape in Q2 in a similar way as it did in Q1 after the pandemic first struck.

ESET observed a continuous focus on phishing using COVID-19 lures in this period. This included criminals taking advantage of the rise in online shopping that has occurred during the pandemic, with a 10-fold increase in phishing emails impersonating one of the world’s leading package delivery services found in comparison to Q1.

The shift to remote working as a result of the pandemic has also led to increased targeting of Remote Desktop Protocal (RDP) in recent months. Roman Kováč, chief research officer at ESET, commented: “Our telemetry showed a continued influx of COVID-19 lures in web and email attacks, as well as an increase in attacks targeting RDP, with persistent attempts to establish RDP connections more than doubling since the beginning of the year.”

Ransomware tactics were found to be “rapidly developing” in this period, with operators moving away from doxing and random data leaking towards auctioning the stolen data on dedicated underground sites.

The report also highlighted some of the important investigations undertaken by ESET researchers in recent months. This included the uncovering of a ransomware campaign targeting Android users in Canada under the guise of a COVID-19 tracing app. “We quickly put a halt to this operation and provided a decryptor for victims,” said Kováč.

Additionally, exclusive research revealed details of a malicious Google Chrome extension targeting hardware wallets for cryptocurrencies and a renewed targeted attack on a Hong Kong university.