
COVID-19-themed attacks and PowerShell malware surged in Q2 - report

05 Nov 2020

New malware samples grew by 11.5% in Q2 2020, averaging 419 new threats per minute, and COVID-19-themed cyber-attacks increased by an eye-watering 605% in the same period, according to new research released today by McAfee.

The report, which examines cyber-criminal activity related to malware and the evolution of cyber-threats this year, also found that instances of PowerShell malware skyrocketed by 117% in Q2 over the previous quarter. This was a consequence, McAfee says, of the proliferation of malicious Donoff Microsoft Office document attacks.

“The second quarter of 2020 saw continued developments in innovative threat categories such as PowerShell malware and the quick adaptation by cybercriminals to target organisations through employees working from remote environments,” says McAfee fellow and chief scientist Raj Samani.

“What began as a trickle of phishing campaigns and the occasional malicious app quickly turned into a deluge of malicious URLs, attacks on cloud users and capable threat actors leveraging the world’s thirst for more information on COVID-19 as an entry mechanism into systems across the globe.”

COVID-19-themed threat campaigns

The pandemic was the primary factor in the ‘unprecedented’ increase of malware attacks, the report says, as organisations continued to adapt to vast numbers of employees working from home, and the cybersecurity threats that this posed.

In response to these changes to the cybersecurity industry, McAfee launched a COVID-19 threats dashboard in Q2 to analyse the extent to which attackers changed their techniques in targeting organisations and governments. This included a global network of ‘over a billion sensors’, which observed the 605% increase in COVID-19-related attack detections compared to Q1. 

Donoff & PowerShell malware

Donoff Microsoft Office documents act as TrojanDownloaders by leveraging the Windows Command shell to launch PowerShell and proceed to download and execute malicious files. 

Donoff played a critical role in driving the 689% surge in PowerShell malware in Q1 2020. In Q2, the acceleration of Donoff-related malware growth slowed but remained robust, driving up PowerShell malware by 117% and helping to drive a 103% increase in overall new Microsoft Office malware. 
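For defenders, the Office-to-Command-shell-to-PowerShell launch sequence described above is visible in process-creation telemetry. The following is an added example, not code from McAfee or its report: it assumes events carrying `pid`, `ppid` and `image` fields (the kind of data EDR or Sysmon process-creation logging records), and the sample events are constructed.

```python
# Constructed process-creation events; not data from the McAfee report.
# Field names (pid, ppid, image) are assumptions for this illustration.
SYS = "C:\\Windows\\System32\\"
OFF = "C:\\Program Files\\Microsoft Office\\root\\Office16\\"
PS = SYS + "WindowsPowerShell\\v1.0\\powershell.exe"
EVENTS = [
    {"pid": 100, "ppid": 1,   "image": "C:\\Windows\\explorer.exe"},
    # Document opened in Word, which spawns cmd.exe, which spawns PowerShell.
    {"pid": 200, "ppid": 100, "image": OFF + "WINWORD.EXE"},
    {"pid": 210, "ppid": 200, "image": SYS + "cmd.exe"},
    {"pid": 220, "ppid": 210, "image": PS},
    # An admin's interactive shell: cmd -> PowerShell with no Office ancestor.
    {"pid": 300, "ppid": 100, "image": SYS + "cmd.exe"},
    {"pid": 310, "ppid": 300, "image": PS},
    # Same pattern from Excel, with a nested cmd.exe in between.
    {"pid": 400, "ppid": 100, "image": OFF + "EXCEL.EXE"},
    {"pid": 410, "ppid": 400, "image": SYS + "cmd.exe"},
    {"pid": 420, "ppid": 410, "image": SYS + "cmd.exe"},
    {"pid": 430, "ppid": 420, "image": PS},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

def image_name(event):
    """Lower-cased executable name from a full Windows path."""
    return event["image"].rsplit("\\", 1)[-1].lower()

def office_cmd_powershell_chains(events):
    """Return pid chains [office, cmd..., powershell] found in the events."""
    # Real telemetry needs a key that survives PID reuse (e.g. a process
    # GUID or pid plus start time); plain pids suffice for this sample.
    by_pid = {e["pid"]: e for e in events}
    chains = []
    for ev in events:
        if image_name(ev) not in POWERSHELL:
            continue
        chain, seen = [ev], {ev["pid"]}
        cur = by_pid.get(ev["ppid"])
        # Walk up through one or more cmd.exe parents.
        while cur and image_name(cur) == "cmd.exe" and cur["pid"] not in seen:
            chain.append(cur)
            seen.add(cur["pid"])
            cur = by_pid.get(cur["ppid"])
        # Alert only if a cmd.exe was crossed and the next ancestor is Office.
        if len(chain) > 1 and cur and image_name(cur) in OFFICE_APPS:
            chains.append([p["pid"] for p in reversed(chain + [cur])])
    return chains
```
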

Attacks on cloud users

In addition, the McAfee report reveals almost 7.5 million external attacks targeted cloud user accounts, based on cloud usage data from over 300 million McAfee users globally during Q2.

McAfee observed nearly 7.5 million external attacks on cloud user accounts. This is based on the aggregation and anonymisation of cloud usage data from more than 30 million McAfee MVISION cloud users worldwide during the second quarter of 2020. 
