sb-eu logo
Story image

Cybercriminals target COVID-19 vaccine - report

Cybercriminals are pivoting from social engineering to hacking with interest in COVID-19 vaccine increasing, according to a new report from Positive Technologies.

The company has released a report that gives an overview of the cyber threat landscape during Q3 2020, which found ransomware attacks have grown with hacking now accounting for 30% of all attacks, and the healthcare industry is increasingly targeted by criminals. In particular, attackers have begun exploiting worldwide interest in a COVID-19 vaccine.

The report indicates a slowdown in the explosive growth in attacks seen during the first two quarters of the year as the COVID-19 pandemic picked up steam. Additionally, the number of targeted attacks remain stubbornly high, growing from 63 percent in Q2 to 70 percent in Q3.

Healthcare organisations were hard-hit in the third quarter. Half of all attacks against them involved ransomware, resulting in serious consequences such as attackers cashing in on patient data and crippling hospital functions and systems. Attackers did not spare clinics where COVID-19 patients were being treated or pharmaceutical sites where vaccine research was being conducted.

The third quarter also brought a record rise in the number of ransomware attacks, which accounted for over half of all malware attacks - 51 percent of the total in Q3 compared to 39 percent in Q2. Additionally, social engineering has become relatively less common since the start of the year, falling from 67 percent of attacks against organisations in Q1 to just 45 percent in Q3.

Due to the pandemic triggering a mass shift to remote working, many companies have made services available on the network perimeter for the first time. Thus, attackers have had ample opportunities to strike at companies that have not taken the proper security precautions. Exploitation of vulnerabilities (as a method for attacking organisations) grew by 30%, which is 12 percentage points more than in the previous quarter as attackers are actively targeting flaws in remote access systems.

The number of attacks on manufacturing and industrial companies has also remained high since the start of the year, with APT groups and ransomware operators the primary culprits. Nearly 70% of attackers in this instance continued to use email as their primary initial vector. The share of attacks using ransomware accounted for 45% of the total number of attacks, and 20% of attacks in Q3 included spyware or malware for remote administration.

"According to our data, COVID-19 is being exploited in attacks on individuals as well as organisations," says analyst Yana Yurakova at Positive Technologies.

"In regard to individuals, we see that the number of phishing emails related to COVID-19 is dropping quickly. Pandemic-themed messages fell from 16% of social engineering attacks in Q2 to just 4% in Q3," Yurakova says.

"In the previous quarter, phishing emails would advertise personal protective equipment or offer information about the virus, whereas now they are exploiting interest in a vaccine. 

"One mailing addressed to people in the United Kingdom claimed that local vaccine efforts were going slowly and offered a supposed vaccine for sale on the site of a Canadian pharmacy chain. Individuals need to stay extra vigilant of the threats which are circulating linked to the pandemic."