Barracuda: Cybercriminals Preying on COVID-19 Vulnerabilities

Written by Edward Gately
March 26, 2020

The goals of the attacks range from distributing malware to stealing credentials, and financial gain.

Coronavirus-related spear phishing attacks have jumped a staggering 667% since the end of February, according to Barracuda’s latest Threat Spotlight report.

Between March 1 and March 23, Barracuda Sentinel, the company’s AI solution for spear phishing and cyber fraud defense, detected nearly 468,000 spear phishing email attacks, and more than 9,100 of those detections were related to COVID-19. In comparison, nearly 1,200 coronavirus-related email attacks were detected in February, and just 137 were detected in January.

Barracuda researchers have seen three main types of phishing attacks using COVID-19 themes: scamming, brand impersonation and business email compromise (BEC).

Of the coronavirus-related attacks detected by Barracuda Sentinel through March 23, 54% were scams, 34% were brand impersonation attacks, 11% were blackmail and 1% were BEC.

The goals of the attacks ranged from distributing malware to stealing credentials, and financial gain.

Fleming Shi, Barracuda‘s CTO, tells us scammers are unlikely to invest time and effort into these attacks if they aren’t successful.

Barracuda’s Fleming Shi

“Some will land in users’ inboxes and some users will click or respond,” he said. “Social engineering attacks are responsible for around 93% of data breaches. The more targeted and personalized attacks are, the more likely they are to be successful. Today, with so many workers being remote and often distracted, this makes them even more vulnerable to these attacks. Examples and data presented in this Threat Spotlight are based on attacks that were detected and blocked by Barracuda, but organizations that don’t have the right mix of email security tools will be more vulnerable to these attacks.”

It’s surprising how quickly hackers adapt to the environment and use current uncertainty to their advantage, in addition to how quickly hackers move from simpler scamming attacks to more complex ones like conversation hijacking and BEC, Shi said. And this trend will continue.

MSSPs and cybersecurity providers should focus on three areas: technology, people and data.

“MSSPs must have the right mix of detection tool to block these attacks,” Shi said. “IT resources are often stretched to the limit with so many remote workers requiring support. Automating things like incident response will help free up time for IT to focus on support and business continuity, while keeping the organization secure. Also, they must pay attention to distracted employees and outbound email — check and enable encryption and data loss prevention (DLP) policies to ensure that sensitive information is not accidentally sent to wrong person.”

In addition, MSSPs must keep training their employees to identify and report phishing attacks, and use COVID-19 examples for training purposes, he said.

“Backing up data is more important than ever,” Shi said. “With so many people working remotely, more data than ever before is being stored on Exchange, SharePoint, OneDrive or Teams. Helping organizations back up this data from accidental or malicious loss is critical to maintaining productivity and business continuity during this time.”

Remote working brings both security risks and productivity challenges, he said. Cybercriminals can take advantage of distracted and stressed employees and their email behavior.

Skilled attackers are good at leveraging emotions to elicit response to their phishing attempts, such as the ongoing sextortion campaigns that rely on embarrassment and fear to scam people out of money. With the fear, uncertainty and even sympathy stemming from the COVID-19 situation, attackers have found some key emotions to leverage.

In addition, many of the scams that Barracuda Sentinel detected were looking to sell …