The COVID-19 Threat Intelligence Insight report was provided by AT&T Cybersecurity and the Telco Security Alliance (TSA), which observed cyberthreat activity between January and June 2020. The TSA consists of a group including Singtel (Trustwave), and Telefónica (ElevenPaths), and aims to offer enterprises comprehensive cybersecurity insights to help them address the threat of cyberattacks and the evolving threat landscape.
The findings include threat intelligence examined and provided by AT&T Alien Labs Open Threat Exchange, a platform where members can share insight on threats, and saw a 2,000% spike in the number of cyber incidences relating to indicators of compromise (IOCs) that leveraged peoples fear around Covid-19. It was also revealed that 2.7% of all spam-related threats that were classified as phishing or malware had links to the ongoing pandemic while 80% of all spam emails had origins from the United States.
When examining the file types used by threat actors when spreading malware relating to the coronavirus, 25% were delivered as an executable file type, and it was common practice, as like most phishing scams, that the emails contained logos that impersonated real institutions like the World Health Organisation (WHO).
The TSA has observed many cyberthreat groups during this pandemic-period and provided examples and analysis of such campaigns. For example, the threat group known as Kimsuky, a cybercriminal adversary that is said to be operating on behalf of the North Korean government, lured its victims (mainly MacOS users) into opening a document and enabling the malicious content with has file. Kimsuky was found to be taking advantage of the 2020 South Korean legislative election in its campaigns.
A new cybercrime syndicate was also uncovered in April 2020 and goes by the name of Vendetta. This group has been described as “prolific” and focused on email campaigns using Covid-19 with targets found in Australia, Egypt and China. Vendetta saw fit to impersonate the director of the Taiwanese Centers for Disease Control and Prevention.
Another common tactic observed during this pandemic was Business Email Compromise (BEC) attacks, whereby fraudsters were tricking victims into sending money or information relating to gift cards from notable brands like iTunes, Amazon and Walmart.
It is clear that these report findings show the clear opportunistic nature of the modern cybercriminal as they seek out to exploit the severe situation many businesses and people find themselves in. To say the past six months have been extremely trying for all would be an understatement. COVID-19 has been eye-opening, upsetting and testing but we have shown a resilience and determination to ensure we make it through these dark times. The same can be said for the security professionals who have had to face the growing threats that exploded due to cybercriminals taking advantage of the pandemic while nations and organisations are at their most vulnerable.