Although the number of COVID-19 themed scams has exploded since the start of this year, infosec company Secureworks estimates that overall online crime has remained fairly stable.
Many other infosec companies have been keen to talk about the increase in coronavirus scams and phishing, but Secureworks rather broke the mold by declaring earlier this month that it had not seen an increase in general online malice.
Don Smith, senior director of the firm’s cyber intelligence, told The Register: “The threat level is almost constant, but the actors have shifted their attention, their decoys and their phishing considerably to focus almost exclusively on COVID-19”, adding: “But it is exactly the same decoys and phishing that would have been out with a different subject four months ago.”
Since the coronavirus pandemic spread from a local problem in China to a global threat, governments and businesses have warned of an explosion of COVID-19 themed spam. GCHQ, an offshoot of the National Cyber Security Centre, said earlier this month that it had removed a number of web domains that it believed were linked to hosting coronavirus-related malware, botnet command servers and more.
All of this, said Secureworks, is proof that malicious actors have poured most of their cybercrime resources into the lure of the day, the one currently holding the world's attention, rather than bringing a dramatically increased set of capabilities to bear just as countries went into lockdown.
Less taxes, more flights
Mike McLellan, a researcher at Secureworks, said the firm “normally sees peaks around tax season, spikes in HMRC scams and the like”, which had been much less evident this year.
“Because of the global appeal of COVID-19 and its longevity, everyone has converged on the same topic at the same time,” he said. “With the appearance of a huge spike in activity, there is more than one coalition of actors all using the same kind of thing to deceive people.”
However, state-funded activity and other cybercrime continue in the background. When El Reg asked about the level of background activity, Secureworks referred to a recent blog post setting out in more detail what it has seen since January.
McLellan explained: “All of the botnets we follow have been constantly active, with the exception of Emotet – which came back online recently, but that was due to retooling rather than something else … apart from hostile state actors, there may have been a slight drop around January to February [in phishing and common-or-garden malware threats], as much related to the fact that COVID-19 is a problem in [the creators’] country as anything else.”
The cat is gone, the mice will play
One particular example was a Trickbot campaign that Secureworks spotted spreading to Italy in early March – at the same time as a very real virus was spreading. McLellan said that 10 days after the Italian government launched the national lockdown, “we have seen banks being added to the web injection setups for Trickbot. It seems to us that the operators of Trickbot have decided that Italy could be a good country to pursue, especially Italian banks. I’m speculating here, but potentially more people are going to be at home; online banking is going to be more important in this scenario.”
Tempering the company’s counter-FUD stance, Smith wanted to point out that “we are not complacent here, we are not sitting here laughing and saying ‘let’s go ahead’. We first assess there is a high risk.”
The idea that overall malware threats have not increased despite the sharp rise in virus-themed decoys in recent months will reassure some. With the UK government and the infosec industry eager to share simple and effective infosec advice with the general public, perhaps this could become a golden age for cybersecurity education – and for avoiding the FUD. ®