This year, Covid-19 took over the real world as well as the cyberworld
2020 has been defined by the Covid-19 virus affecting the entire world, both online and offline. Our team has observed cybercriminals using the pandemic to their advantage, spreading scams and phishing attacks to exploit people’s weaknesses during trying times.
Ransomware attacks continued to thrive this year, pitilessly attacking medical institutions. Certain types of threats — including stalkerware and adware — flourished due to people being forced into lockdown and likely spending more time on their mobile devices. Cybercriminals began to promote mobile adware more heavily to younger audiences via popular social platforms like YouTube, TikTok, and Instagram.
Covid-19 fakes and scams
In addition to fake news, Covid-19-related fake shops and malware made their rounds in 2020. A number of scams circulated, designed to take advantage of people searching for information around the virus, and associated topics such as supplies of face masks and ventilators. Avast identified malvertising campaigns being adapted to the situation, fake shops and products like cures and medication for the virus being “sold” online, the World Health Organization's name and logo being exploited to deceive people into inadvertently downloading malware in messages containing coronavirus and other related terms in malicious files spreading via email, SMS, and other malware. Also, via its mobile threat intelligence platform, apklab.io, Avast tracked more than 600 malicious apps including mobile banking trojans and spyware, posing as apps that offered some sort of a Covid-19-related service.
Fake news spread during the pandemic, including fake news alleging that Bill Gates created or financed the creation of Covid-19 in order to sell vaccines, and gain power over the world. Other examples of fake news during the pandemics include conspiracy theorists speculating democratic governments using the virus as an excuse to turn their systems into autocracies, and that 5G was responsible for the spread of the coronavirus.
“To summarize 2020, things weren’t always how they appeared — it was a year of fake news and scams, deceiving users while taking advantage of the pandemic. Cybercriminals take advantage of trends, to make sure they attract as many potential victims as possible. We observed cybercriminals adapting their attacks to take advantage of the crisis, because people are hungry for information and might be more susceptible to falling victim. Additionally, given the lockdowns and other restrictions, people are more often online and so the target pool of potential victims of cybercriminals has also likely increased,” said Luis Corrons, Security Evangelist at Avast.
At the beginning of the year, Avast saw an increase in ransomware attacks in the early pandemic months. Ransomware grew by 20% during March and April in comparison to January and February this year.
Multiple ransomware attacks targeted hospitals this year, despite threat actors publicly stating they would stop targeting hospitals. Avast was involved in helping hospitals and other businesses infected with ransomware, including the Brno University Hospital in the Czech Republic, which is also a testing center for the coronavirus, and was infected with Defray777. Healthcare institutions were attacked by Maze ransomware, which steals data before encrypting it and threatens to release hostage data if the ransom is not paid.
Other notable victims of ransomware attacks in 2020, which paid ransom demands up into the millions, include the University of California San Francisco, Travelex, and companies including Garmin, Jack Daniels and the Ritz Londo
Remote work proved to be a challenge
The pandemic forced many companies to send employees home to work remotely. According to a survey conducted by the European Foundation of the Improvement of Living and Working Conditions, nearly half of the European employees surveyed worked at home at least some of the time during the Covid-19 pandemic, and of these, one-third reported working exclusively from home. Employees took their company devices home which broadened the attack surface for companies, as the home network infrastructure usually isn’t as secure as an enterprise network.
Deepfakes taking off
Deepfakes, particularly pornographic deepfakes appeared in 2020, including explicit deepfakes of TikTok users. In a talk at Avast's Cybersec & AI Connected virtual conference, Professor Hany Farid of UC Berkeley noted that technology is evolving quickly, making it easier and easier for deepfakes to be created, and the rate at which deepfakes can spread is also increasing due to social media. Farid also noted that “nothing has to be real anymore”, meaning that people will believe fakes, especially when it comes to political deepfakes.
Phishing is an evergreen technique used by cybercriminals that did not slow down in 2020. While Covid-19 related phishing attacks surged in March, the impact on overall phishing numbers was small: Less than 1% of global phishing attacks used Covid-19 as a theme throughout the year.
Mobile adware creators leveraging social media channels Out of all Android threats that Avast detected in 2020, adware was the dominant malware, with a share of nearly 50% in Q1, over 27% in Q2 and 29% in Q3 out of all Android threats. Avast found more than 50 scam apps on the Google Play and Apple App Stores in 2020, that needed to be removed by Google’s and Apple’s security teams.
“Developers of adware increasingly used social media channels in 2020, like regular marketers would, to increase the number of app downloads. Users reported they were targeted with ads promoting adware apps on YouTube, and in September we saw adware spread via profiles on TikTok. The popularity of these social networks make them an attractive advertising platform, also for cybercriminals, to target a younger audience,” said Jakub Vávra, Threat Analyst at Avast.
Stalkerware Stalkerware is a growing category of malware with disturbing and dangerous implications. Avast identified parallels between the use of stalkerware and the lockdown time in the spring. Stalkerware is typically installed secretly on mobile phones, without the victim’s knowledge, by so-called friends, jealous spouses and partners, ex-partners, and even concerned parents, and tracks the physical location of the victim, monitors sites visited on the internet, text messages, and phone calls.
Looking back In a nutshell — the pandemic did not slow down cybercriminals. Instead, they seized the opportunity of people spending more time online to adapt old tricks to spread various types of fakes, scams, and to target major businesses with ransomware.
While technology today is a great resource for us all to stay connected and keep up communications and work, we advise people to stay extra conscious and cautious about what they see online. When in doubt, verify content that you come across, whether it's news, apps, links, sales offers or video content, as it's possible for all types of digital content to be manipulated.