Security Blog for Website Security

2,500 Attacks In Less Than A Day: Coronavirus Scammers Just Went Into Overdrive

The number of coronavirus-themed attacks spiked significantly on Monday, a cybersecurity researcher reported.

A wave of 2,500 infections involving just two strains of malware, all delivered in COVID-19-themed emails between 10am and 5pm CET today, was discovered by Jiri Kropac, a researcher at cybersecurity company ESET. In the days before, the number of infections was only in the tens, he said.



He told Forbes he thinks the hackers are made up of two different groups, though he didn’t have any more information on either. Their malware either tries to get leverage on a computer in order to download more malicious software, or it steals personal information from an infected computer. They both target Microsoft Windows machines only. The top five most-targeted countries include Spain, Portugal, Czech Republic, Malaysia and Germany.

“This is the biggest Coronavirus or COVID-19-themed malware campaign we have registered so far. Cybercriminals often jump on the hot media topic, which Coronavirus really is,” Kropac said. “They’re using it for their profit.”

He sent over one example phishing email, attempting to trick a target into opening an attachment by promising information on vaccines.



Another cybersecurity company, Proofpoint, said it had seen a massive surge in COVID-19 attacks too. “To date, the cumulative volume of coronavirus-related email lures now represents the greatest collection of attack types united by a single theme that our team has seen in years, if not ever,” it wrote in a post Monday.

Proofpoint researchers said they’d seen some groups go after entire industries, with one cybercriminal gang targeting the U.S. healthcare, manufacturing, and pharmaceuticals industries. Another group targeting the healthcare industry demanded Bitcoin payment for coronavirus remedies.



Cybercriminals have been increasingly capitalizing on the coronavirus scare in the weeks prior to today’s jump. As Forbes reported last week, a massive number of new websites had been registered using the coronavirus or COVID-19 names, some of which were already trying to infect visitors. Government hackers have been taking advantage too, with a Pakistan-linked group allegedly caught doing so on Monday.

The U.K.’s National Cyber Security Centre released a warning today, saying it had also seen a rise in the number of COVID-19-based attacks. An arm of Britain’s spy agency GCHQ, the NCSC said it was now automatically discovering and removing malicious sites from the web.

“Continued global susceptibility to phishing will probably make this approach a persistent and attractive technique for cyber criminals. Moreover, if the outbreak intensifies, it is highly likely that the volume of such attacks will rise,” the NCSC warned.
