COVID-19 Malware is a Drop in the Ocean, Microsoft Says

Microsoft released an article on their security blog, pointing out that despite the numerous and alarming reports of malware attacks exploiting the public’s fears of the COVID-19 pandemic, those malicious campaigns have been merely a drop in a vast ocean of malware.

While Microsoft does recognize that there was a very obvious spike in COVID-themed malware and bad actors did try to make use of the stirring global situation around the virus, the volume and number of attacks focused on some sort of COVID scam were almost negligible compared against the backdrop of all other malware. Microsoft points out that the attacks really started picking up when the WHO named the disease COVID-19, giving them an easily recognizable handle to exploit.

One thing that was not entirely certain was whether the bad actors behind the COVID malware campaigns were using existing tools and attack vectors and simply renaming the bait to match the pandemic. Further research seems to indicate that this was indeed the case – previously known groups used existing malware kits and tools to carry out the attacks, simply redressing the victim-facing part of the malware to make it seem related to the pandemic.

COVID-19 Spike Chart - Source: Microsoft Corporation

The peak of the COVID-themed malware attacks happened sometime in early March, with over 5 million identified attacks in the most active week. Overt the next couple of weeks, however, the volume dropped dramatically and has remained at under 1 million for the following weeks, taking a further nosedive in early June.

Microsoft further points out that the bait used in the COVID-focused campaigns was always highly localized and tailored very appropriately to the industry or organization being targeted – further evidence that social engineering is one of the key factors in successful malware attacks in general.

This Week In Malware Ep 11: Hackers Thrive on Covid-19 Themed Ransomware & Malware Attacks

COVID-related malware worldwide followed very closely the development of the situation in each country, with Microsoft citing a sharp increase in the UK once Prime Minister Boris Johnson was taken in intensive care due to the virus and an equally sharp falloff once he was discharged from hospital.

COVID-19 global rates chart - Source: Microsoft Corporation

In the US, the biggest peak took place in mid to late March. After a prolonged period of much lower COVID malware activity in the US over the following weeks, a single-week second peak took place in late May, when 100,000 COVID-related fatalities were reported in the country.

In conclusion, Microsoft stated that even though COVID malware has diminished in volume dramatically, it will very likely stick around for as long as the virus is active and is making any sort of headlines anywhere in the world.