
Cybercriminals target COVID-19 vaccine - report

Cybercriminals are pivoting from social engineering to hacking as interest in a COVID-19 vaccine increases, according to a new report from Positive Technologies.

The company has released a report that gives an overview of the cyber threat landscape during Q3 2020. It found that ransomware attacks have grown, that hacking now accounts for 30% of all attacks, and that the healthcare industry is increasingly targeted by criminals. In particular, attackers have begun exploiting worldwide interest in a COVID-19 vaccine.

The report indicates a slowdown in the explosive growth in attacks seen during the first two quarters of the year as the COVID-19 pandemic picked up steam. Additionally, the number of targeted attacks remains stubbornly high, growing from 63 percent in Q2 to 70 percent in Q3.

Healthcare organisations were hard-hit in the third quarter. Half of all attacks against them involved ransomware, resulting in serious consequences such as attackers cashing in on patient data and crippling hospital functions and systems. Attackers did not spare clinics where COVID-19 patients were being treated or pharmaceutical sites where vaccine research was being conducted.

The third quarter also brought a record rise in the number of ransomware attacks, which accounted for over half of all malware attacks - 51 percent of the total in Q3 compared to 39 percent in Q2. Additionally, social engineering has become relatively less common since the start of the year, falling from 67 percent of attacks against organisations in Q1 to just 45 percent in Q3.

Due to the pandemic triggering a mass shift to remote working, many companies have made services available on the network perimeter for the first time. Thus, attackers have had ample opportunities to strike at companies that have not taken the proper security precautions. Exploitation of vulnerabilities (as a method for attacking organisations) grew by 30%, which is 12 percentage points more than in the previous quarter as attackers are actively targeting flaws in remote access systems.

The number of attacks on manufacturing and industrial companies has also remained high since the start of the year, with APT groups and ransomware operators the primary culprits. Nearly 70% of attackers in this instance continued to use email as their primary initial vector. The share of attacks using ransomware accounted for 45% of the total number of attacks, and 20% of attacks in Q3 included spyware or malware for remote administration.

"According to our data, COVID-19 is being exploited in attacks on individuals as well as organisations," says analyst Yana Yurakova at Positive Technologies.

"In regard to individuals, we see that the number of phishing emails related to COVID-19 is dropping quickly. Pandemic-themed messages fell from 16% of social engineering attacks in Q2 to just 4% in Q3," Yurakova says.

"In the previous quarter, phishing emails would advertise personal protective equipment or offer information about the virus, whereas now they are exploiting interest in a vaccine. 

"One mailing addressed to people in the United Kingdom claimed that local vaccine efforts were going slowly and offered a supposed vaccine for sale on the site of a Canadian pharmacy chain. Individuals need to stay extra vigilant of the threats which are circulating linked to the pandemic."
