
COVID-19-themed attacks and PowerShell malware surged in Q2 - report

05 Nov 2020

New malware samples grew by 11.5% in Q2 2020, averaging 419 new threats per minute, and COVID-19-themed cyber-attacks increased by an eye-watering 605% in the same period, according to new research released today by McAfee.

The report, which examines cyber-criminal activity related to malware and the evolution of cyber-threats this year, also found that instances of PowerShell malware skyrocketed by 117% in Q2 over the previous quarter. This was a consequence, McAfee says, of the proliferation of malicious Donoff Microsoft Office document attacks.

“The second quarter of 2020 saw continued developments in innovative threat categories such as PowerShell malware and the quick adaptation by cybercriminals to target organisations through employees working from remote environments,” says McAfee fellow and chief scientist Raj Samani.

“What began as a trickle of phishing campaigns and the occasional malicious app quickly turned into a deluge of malicious URLs, attacks on cloud users and capable threat actors leveraging the world’s thirst for more information on COVID-19 as an entry mechanism into systems across the globe.”

COVID-19-themed threat campaigns

The pandemic was the primary factor in the ‘unprecedented’ increase of malware attacks, the report says, as organisations continued to adapt to vast numbers of employees working from home, and the cybersecurity threats that this posed.

In response to these changes to the cybersecurity industry, McAfee launched a COVID-19 threats dashboard in Q2 to analyse the extent to which attackers changed their techniques in targeting organisations and governments. This included a global network of ‘over a billion sensors’, which observed the 605% increase in COVID-19-related attack detections compared to Q1. 

Donoff & PowerShell malware

Donoff Microsoft Office documents act as TrojanDownloaders: they use the Windows command shell to launch PowerShell, which then downloads and executes malicious files.

Donoff played a critical role in driving the 689% surge in PowerShell malware in Q1 2020. In Q2, the acceleration of Donoff-related malware growth slowed but remained robust, driving up PowerShell malware by 117% and helping to drive a 103% increase in overall new Microsoft Office malware. 
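The launch chain described above (Office document, then the command shell, then PowerShell) is visible in process-creation telemetry. The following is an added detection example, not code from McAfee's report; the events are constructed, the field names are assumed to follow Sysmon Event ID 1, and the function name is hypothetical.

```python
import ntpath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# Constructed process-creation events; field names follow Sysmon Event ID 1.
EVENTS = [
    {"ProcessGuid": "g1", "ParentProcessGuid": "g0",
     "Image": r"C:\Windows\explorer.exe"},
    {"ProcessGuid": "g2", "ParentProcessGuid": "g1",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"ProcessGuid": "g3", "ParentProcessGuid": "g2",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"ProcessGuid": "g4", "ParentProcessGuid": "g3",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    # Benign: a user opens a console and starts PowerShell by hand.
    {"ProcessGuid": "g5", "ParentProcessGuid": "g1",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"ProcessGuid": "g6", "ParentProcessGuid": "g5",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]


def name(event):
    # ntpath parses Windows paths regardless of the OS running the analysis.
    return ntpath.basename(event["Image"]).lower()


def office_cmd_powershell_chains(events):
    """Return ancestry chains (Office app first) of PowerShell processes that
    were reached from an Office application through cmd.exe."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    hits = []
    for event in events:
        if name(event) not in POWERSHELL:
            continue
        chain, seen, via_cmd = [name(event)], {event["ProcessGuid"]}, False
        parent = by_guid.get(event["ParentProcessGuid"])
        while parent and parent["ProcessGuid"] not in seen:  # guard against loops
            chain.append(name(parent))
            seen.add(parent["ProcessGuid"])
            if name(parent) in OFFICE:
                if via_cmd:
                    hits.append(list(reversed(chain)))
                break
            via_cmd = via_cmd or name(parent) == "cmd.exe"
            parent = by_guid.get(parent["ParentProcessGuid"])
    return hits


if __name__ == "__main__":
    for chain in office_cmd_powershell_chains(EVENTS):
        print(" -> ".join(chain))
```

Keying on ProcessGuid rather than the numeric process ID avoids false links when the operating system reuses PIDs within the log window.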

Attacks on cloud users

In addition, the McAfee report reveals almost 7.5 million external attacks targeted cloud user accounts, based on cloud usage data from over 300 million McAfee users globally during Q2.

McAfee observed nearly 7.5 million external attacks on cloud user accounts. This is based on the aggregation and anonymisation of cloud usage data from more than 30 million McAfee MVISION cloud users worldwide during the second quarter of 2020. 
