Coronavirus-related spear phishing attacks have jumped a staggering 667% since the end of February, according to Barracuda’s latest Threat Spotlight report.

Between March 1 and March 23, Barracuda Sentinel, the company’s AI solution for spear phishing and cyber fraud defense, detected nearly 468,000 spear phishing email attacks, and more than 9,100 of those detections were related to COVID-19. In comparison, nearly 1,200 coronavirus-related email attacks were detected in February, and just 137 were detected in January.

Barracuda researchers have seen three main types of phishing attacks using COVID-19 themes: scamming, brand impersonation and business email compromise (BEC).

Of the coronavirus-related attacks detected by Barracuda Sentinel through March 23, 54% were scams, 34% were brand impersonation attacks, 11% were blackmail and 1% were BEC.

The goals of the attacks ranged from distributing malware to stealing credentials, and financial gain.

Fleming Shi, Barracuda‘s CTO, tells us scammers are unlikely to invest time and effort into these attacks if they aren’t successful.

Barracuda’s Fleming Shi

“Some will land in users’ inboxes and some users will click or respond,” he said. “Social engineering attacks are responsible for around 93% of data breaches. The more targeted and personalized attacks are, the more likely they are to be successful. Today, with so many workers being remote and often distracted, this makes them even more vulnerable to these attacks. Examples and data presented in this Threat Spotlight are based on attacks that were detected and blocked by Barracuda, but organizations that don’t have the right mix of email security tools will be more vulnerable to these attacks.”

It’s surprising how quickly hackers adapt to the environment and use current uncertainty to their advantage, in addition to how quickly hackers move from simpler scamming attacks to more complex ones like conversation hijacking and BEC, Shi said. And this trend will continue.

MSSPs and cybersecurity providers should focus on three areas: technology, people and data.

“MSSPs must have the right mix of detection tool to block these attacks,” Shi said. “IT resources are often stretched to the limit with so many remote workers requiring support. Automating things like incident response will help free up time for IT to focus on support and business continuity, while keeping the organization secure. Also, they must pay attention to distracted employees and outbound email — check and enable encryption and data loss prevention (DLP) policies to ensure that sensitive information is not accidentally sent to wrong person.”

In addition, MSSPs must keep training their employees to identify and report phishing attacks, and use COVID-19 examples for training purposes, he said.

“Backing up data is more important than ever,” Shi said. “With so many people working remotely, more data than ever before is being stored on Exchange, SharePoint, OneDrive or Teams. Helping organizations back up this data from accidental or malicious loss is critical to maintaining productivity and business continuity during this time.”

Remote working brings both security risks and productivity challenges, he said. Cybercriminals can take advantage of distracted and stressed employees and their email behavior.

Skilled attackers are good at leveraging emotions to elicit response to their phishing attempts, such as the ongoing sextortion campaigns that rely on embarrassment and fear to scam people out of money. With the fear, uncertainty and even sympathy stemming from the COVID-19 situation, attackers have found some key emotions to leverage.

In addition, many of the scams that Barracuda Sentinel detected were looking to sell …

… coronavirus cures or face masks, or asking for investments in fake companies that claimed to be developing vaccines. Scams in the form of donation requests for fake charities are another popular phishing method. For example, one such scam caught by the Barracuda systems claims to be from the “World Health Community,” which doesn’t exist, but may be trying to take advantage of the similarity to the World Health Organization (WHO) and asks for donations to a Bitcoin wallet provided in the email.

In addition to widespread credential harvesting from information-stealing malware, phishing attacks with links to spoofed login pages are also using COVID-19 as a lure, according to Barracuda. One such variant that Barracuda systems detected claims to be from the Centers for Disease Control (CDC) and attempts to steal Microsoft Exchange credentials when the malicious link is clicked.

According to new insights by Forcepoint, hackers are deploying malware by creating fake emails from the WHO to target users in areas highly impacted by COVID-19. They also are using COVID-19 hooks in phishing scams to lure enterprise users by mimicking Outlook sign-in pages, attachments and meeting recordings, and creating spam masked as COVID-19 health advice or ads for related products like masks.

“Cybercriminals are opportunists that continuously evolve their methods of attack,” said Carl Leonard, principal security analyst at Forcepoint. “And, as history has shown us, the bigger the global visibility of a cyberattack opportunity – be it government elections, religious holidays or global events such as we find ourselves in today – bad actors employ every tool in their arsenal to make the most of every attack opportunity.”