The COVID-19 pandemic has pushed us all into our homes to safe-guard from potential infection but with so many people now online cybercriminals have their eyes on weak links.

Cybersecurity firm Mimecast has taken a hard look at how cybercrime has evolved and adapted since the virus started grabbing headlines.

Mimecast has looked at the first 100 days following the outbreak of COVID-19 at the end of December 2019.

Using the week 30th December 2019 – 5th January as a baseline Mimecast identified four areas where it detected an influx of detections.

Those areas are:

  • Spam/opportunistic threats
  • Impersonation
  • AV/malware threats
  • Malicious URLs

With that in mind Mimecast reports the following baseline numbers for the first week of its reporting:

  • 110.6 million spam/opportunistic detections
  • 3.8 million impersonation detections
  • 1.24 million AV/malware detections
  • 902 000 blocked URL clicks

Also of note is that during this week, the banking and professional services sectors were attacked the most out of all sectors.

Mimecast does point out that generally, this period is quieter than other times of the year regarding cybercrime but the spike in detections following that period is.

“Detection levels resumed their previous scale very rapidly in January, only to continue to increase substantially throughout the rest of the period of this report. This is abnormal behavior considering the apparent significant volume escalation of all detections during this period,” reads the Mimecast report.

So how did this change over the weeks?

In the second week of January, threats saw a notable increase, specifically malware.

Compared to the first week malware detections increased by 239 percent. As many as 16.7 percent of those threats were against Australasia and Sub-Saharan Africa.

The threat vectors used include JS-based phishing emails, RAR files, ISO files, ZIP files and a Microsoft Office vulnerability (CVE-2017-11882).

  • Spam/opportunistic increased by 16.7 percent
  • Impersonation increased by 53.8 percent
  • Malware increased by 239 percent
  • Blocked URL clicks increased by 19.87 percent

Perhaps most interesting, however, was that the focus of attackers shifted to the retail and wholesale sectors.

Looking at the data we noticed that after the third week the threat vectors shifted slightly.

Impersonations increased consistently and substantially over the weeks.

Mimecast notes that cybercriminals may be leveraging the fact that many folks are working from home as a reason that impersonation threats increased in popularity.

It makes sense because folks may not be as willing to ask if a person sent a particular email or get in touch with support systems.

This is not to say that malware, malicious URLs and the like became less of a threat but rather simply that impersonation became more popular.

“Threat actors will always seek opportunities for exploiting chaos, confusion, and uncertainty to their advantage. Through utilizing deception, feigns, and guile they seek to deliver malicious effects. It is considered almost certain (≥≈ 95%) that threat actors will exploit the uncertainty with the application of mitigating measures to target those who are most vulnerable, and who are increasingly likely to be isolated at home and, therefore, more difficult to support organisationally,” said Mimecast.

This increase in threats of various forms highlights the need for a multi-layered approach to cybersecurity, especially as the workforce is separated.

In that regard Mimecast has a number of cybersecurity resources and advice for companies who have asked workers to work from home to peruse and pass along for free.

The full, exhaustive 100 Days of Coronavirus (COVID-19) report can be viewed here for free [PDF].

[Image – CC 0 Pixabay]