A year ago, everything changed. In an effort to stem the tide of a rapidly spreading pandemic, the world shut down. Shops were forced to close their doors, and whole countries were placed on stringent lockdowns. Schools were closed around the world, with more than one billion children affected, and the vast majority of companies had to switch to remote work, sometimes with only a week’s notice. As life for big swaths of the population moved entirely online, the cybercriminals were ready.

In fact, not only did the way people lived and worked change, but so did the methods and tactics used by criminals on the Internet looking to exploit the massive increase in online traffic.

With the approval of several vaccines against the coronavirus, a post-pandemic future is finally in sight. However, there is still a long way to go before life returns to normal, and some changes, such as remote work, look like they are here to stay, as do the new cyber threats that emerged alongside these shifts.

On the anniversary of the world shutdown, Kaspersky experts decided to take a look back at how the threat landscape has evolved since the beginning of the pandemic — and what that means for customers in the years to come.

From targeted attacks to exploiting all things COVID-related, the biggest trends in spam and phishing

Phishing is still one of the most effective types of attacks because it exploits users’ emotions, particularly their fear and anxiety. With both heightened thanks to the pandemic, phishing attacks proved to be a highly lucrative attack vector for cybercriminals.

In 2020, criminals launched a variety of scams that exploited the pandemic topic from just about every angle, from advertisements for masks when they were in short supply to special rebates from the government.

A fake landing page for a mask advertised in a phishing email. Users are prompted to enter their payment details for a mask that will most likely never arrive

Scammers often impersonated leading authorities on the pandemic, like the CDC and the World Health Organization, to give their emails additional authority and increase the chances that users would click a malicious link. Once they clicked, users could end up unknowingly downloading a range of threats onto their computer, from various Trojans (malicious files that allow cybercriminals to do everything from deleting and blocking data to interrupting the performance of the computer) to worms (files that are capable of destroying, blocking, modifying or copying data). Of course, in other instances, such as those involving advertisements for masks, the primary goal is stealing money and/or payment information.

An email supposedly from the CDC claiming that there is an urgent update regarding the pandemic

Surprisingly, one of the most common themes exploited revolved around delivery interruptions. Placing various business orders is a standard part of business operations, and criminals used the uncertainty surrounding mail services during the pandemic to trick users into downloading malware. They would send emails claiming that, due to COVID, an important delivery had been delayed and that the target must verify the new delivery information (a scenario easy to believe in the middle of a pandemic) in order to receive it. However, upon clicking the attachment, the users would download Trojans ranging from spyware to backdoors.

A phishing email claiming that a delivery has been delayed and containing a malicious attachment

In fact, in 2020, delivery services became one of the top ten organization types targeted by phishers.

Remote work and the rise of brute-force attacks

With many companies forced to close their doors with little notice, few had time to put the proper security measures in place. The result was that many became vulnerable to a host of new attacks as their employees began logging in to corporate resources from personal devices and on unsecured networks. Chief among them? Brute-force attacks against the RDP protocol, Microsoft’s proprietary protocol that enables users to access Windows workstations or servers. RDP is one of the most popular remote access protocols used by companies, making it a favorite target for attackers. In a brute-force attack, attackers attempt to randomly guess a username and password for the RDP connection by trying different combinations until they guess the right ones and gain access to the confidential corporate resources.
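As an added example (not part of the original article), a minimal detector for the guessing pattern described above, run over constructed log records. The comma-separated record format, the threshold and the time window are assumptions; 4625 and 4624 are the Windows Security event IDs for failed and successful logons.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs), in an assumed export format:
# time,event_id,logon_type,source_ip,username
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is
# RemoteInteractive (RDP); type 3 is commonly recorded when RDP uses NLA.
SAMPLE = """\
2021-02-01T03:10:00,4625,3,203.0.113.7,administrator
2021-02-01T03:10:05,4625,3,203.0.113.7,admin
2021-02-01T03:10:09,4625,3,203.0.113.7,backup
2021-02-01T03:10:14,4625,3,203.0.113.7,administrator
2021-02-01T03:10:20,4625,3,203.0.113.7,svc_sql
2021-02-01T03:10:31,4624,10,203.0.113.7,backup
2021-02-01T08:59:40,4625,10,198.51.100.23,j.doe
2021-02-01T09:00:02,4624,10,198.51.100.23,j.doe
"""

def detect_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=2)):
    """Return {source_ip: finding} for sources whose failed logons reach
    `threshold` inside `window`, noting a success that follows the burst."""
    failures = defaultdict(deque)   # source_ip -> timestamps of recent failures
    users = defaultdict(set)        # source_ip -> usernames tried so far
    findings = {}
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, user = line.split(",")
        if logon_type not in ("3", "10"):
            continue                # not a remote logon, ignore
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            recent = failures[ip]
            recent.append(when)
            users[ip].add(user.lower())
            while when - recent[0] > window:   # drop failures outside the window
                recent.popleft()
            if len(recent) >= threshold:
                f = findings.setdefault(
                    ip, {"failures": 0, "users": set(), "compromised": None})
                f["failures"] = max(f["failures"], len(recent))
                f["users"] = set(users[ip])
        elif (event_id == "4624" and ip in findings
              and when - failures[ip][-1] <= window):
            # Success from a flagged source shortly after its last failure:
            # treat the account as guessed and prioritise it for response.
            findings[ip]["compromised"] = user.lower()
    return findings

if __name__ == "__main__":
    for ip, finding in detect_rdp_bruteforce(SAMPLE).items():
        print(ip, finding)
```

The single failed attempt followed by a success from 198.51.100.23 stays below the threshold, which is what keeps an ordinary mistyped password from raising an alert.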

In spring of 2020, the number of brute-force attacks against the RDP protocol skyrocketed across virtually the entire planet.


The number of brute-force attacks against the RDP protocol

As shown in the graph, as soon as lockdowns were announced, the number of brute-force RDP attacks increased dramatically, from 93.1 mln worldwide in February to 277.4 mln in March, a 197 percent increase. While the number of attacks has ebbed and flowed as the pandemic continued, it has not returned to pre-pandemic levels. In fact, after new lockdowns were announced in the winter, RDP attacks once again showed an upward trend. In February 2021, there were 377.5 mln brute-force attacks, a far cry from the 93.1 mln witnessed in the early stages of 2020.

Virtual communication platforms under attack

With the world on lockdown, Internet demand reached unprecedented levels. Large companies, from Facebook to Netflix to YouTube, were forced to reduce their video quality in order to keep up with demand. And all those extra users meant a host of new targets for criminals. By May of 2020, the average daily number of attacks blocked by Kaspersky Web Anti-Virus had increased by 25%. In fact, the number of web attacks, after showing a decline in the summer of 2020, reached a new peak in December as much of the world was facing a second wave of the pandemic.


Number of web-based attacks blocked by Kaspersky Web Anti-Virus from March 2020 through February 2021

A big segment of users’ time spent online was dedicated to meeting and collaborating virtually. That is why meeting and messenger apps, like Zoom and Teams, became a popular lure for distributing cyberthreats.

Upon examining popular meeting and videoconferencing apps, including Zoom, Webex, and MS Teams, Kaspersky researchers noticed growing numbers of malicious files spread under the guise of these apps’ names.


The number of malicious files spread under the guise of popular meeting apps (Webex, Zoom, MS Teams, HighFive, Lifesize, Join.me, Slack, Flock, Gotomeeting)

In January of this year, there were 1.15 mln such files detected, the highest number since the lockdown began. These files are often bundled as part of seemingly legitimate application installers, which can be encountered in several ways: through phishing emails claiming to have notifications or special offers from their platforms, or through phishing web pages.

Lessons learned

People’s lives have become increasingly digital for years, and this is a trend that is likely to continue. It is still unclear when travel will get back to normal, and with remote study staying in the picture, videoconferencing and meeting apps will continue to be in high demand. Of course, the more time users spend online, the more vulnerable they are to security risks.

While the pandemic may be heading into its final phases, there are new topics for phishers and scammers to exploit, like health passports for traveling or vaccine distribution, and chances are they will exploit them. It is important that users view any email or website referencing the pandemic with a skeptical eye. What is more, recent events have shown how willing criminals are to take advantage of a crisis, and, while this pandemic will subside, it certainly will not be the last crisis.

With many organizations already stating that they will continue to make remote work an option and/or adopt a hybrid model, RDP is not going anywhere, and neither are attacks against the protocol. That means businesses need to reevaluate their usage of RDP and learn how to secure remote access.

If there has ever been a time for companies to reevaluate and bolster their security strategy, that time is now.

Read more: securelist.com