China, US and Russia are frequent targets for Covid-19 related phishing attacks

China, the US and Russia have been the most frequent targets of Covid-19 related phishing attacks, followed by Japan, Latin America, Europe and other parts of Asia Pacific, due to remote working, a Microsoft security expert said.

Ann Johnson, Corporate Vice-President for Cybersecurity Solutions Group at Microsoft, said that they are seeing a significant increase in Covid-19 related phishing attacks and are blocking about 24,000 bad emails per day and, at one point, have observed 116 phishing campaigns related to the pandemic.

“We have seen about 2,300 unique HTML attachments themed as Covid financial compensation in one campaign alone. We also have blocked 18,000 Covid themed URLs and IP addresses on a single day. We are not seeing an overall increase in phishing attacks but only related to Covid-19. Phishing attacks have changed in dimension to be more Covid-19 related,” she said.

According to Barracuda researchers, 467,825 spear-phishing email attacks were detected between March 1 and March 23, and 9,116 of those detections were related to Covid-19, representing about 2% of attacks.

In comparison, a total of 1,188 coronavirus-related email attacks were detected in February, and just 137 were detected in January.

Organisations around the world are adapting to remote work options, supporting workers to have access to data, information and networks.

Johnson said that the work-from-home policy has increased the temptation for bad actors. Security teams must look urgently at new scenarios and new threat actors, as organisations have become distributed overnight, with less time to make detailed plans or run pilots.

“We have seen an instant increase in attacks whenever there is a Covid hotspot globally and wane off slowly when the next hotspot arises,” she said.

Moreover, she said that threat actors are not going to slow down and are going to take advantage of global disruptions in businesses and increase the attacks.

The work-from-home strategy ranges from online communication tools such as Microsoft Teams to Windows virtual desktops, she said, adding that these have security and productivity implications.

“We have used split tunnelling for VPNs so that internet-based assets can access securely without VPNs and with multi-factor authentication to avoid phishing attacks so that companies can feel very comfortable in accessing Teams and continue to have virtual meetings without having to depend on VPN bandwidth. The other trend we are seeing is that companies are moving to a virtual desktop environment,” she said.

Well prepared to defend attacks

However, Johnson said that an increase, which happened during the start of the year in state-sponsored attacks or advanced persistent threats (APTs), is normalising now for the past to three days. 

“We have a lot of technologies to help protect customers and block attacks through machine learning by using 8 trillion data threat signals per day to understand what is good and what is bad.

“We have our exchange online protection that does email filtering, in addition to Microsoft Defender ATP at the endpoints looking for known bad URLs,” Johnson said.

Another technology that Microsoft is trying hard to implement for customers, she said, is Azure Active Directory with traditional access.

“When you are working from home, you want to have the full view of the user behaviour, device behaviour, application behaviour and network behaviour. We continue to build proactive protections against Covid-related attacks, either manually or by using machine learning,” she said.

Bad actors are preying on the psychology of end-users at a time when, she said, end-users are extremely stressed about the health of their families, the loss of lives they are seeing and hearing about, schooling their children at home and working from home.

Johnson said raising awareness is the key and urged home workers not to click on any unauthenticated links and to enable multi-factor authentication 100% of the time.

“Multi-factor authentication is one way to block the harm during the crises,” she added.