Critical Attack Discovery and Intelligence TeamSymantec
Towards the end of the first quarter of 2020, we took a look through telemetry from our vast range of data sources and selected some of the trends that stood out.
From COVID-19-themed malicious email and BEC scams to vulnerability exploits and IoT attacks, let’s take a quick look at the trends that shaped the cyber security threat landscape in the first three months of 2020.
Influx of Coronavirus Malicious Email
While news of the coronavirus pandemic began to circulate in December 2019, it was March 2020 before the subject began to be used noticeably as a lure in malware-bearing emails. In February, Symantec blocked approximately 5,000 malicious emails with “coronavirus”, “corona”, or “COVID-19” in the subject line. However, in March this number increased significantly to roughly 82,000.
More information on this trend can be found in our blog COVID-19 Outbreak Prompts Opportunistic Wave of Malicious Email Campaigns.
Figure 1. Coronavirus-related malicious email
BEC Scams Resulted in $1.77 Billion in Losses for Victims
According to the FBI, business email compromise (BEC) scams are the most damaging and effective type of cyber crime, accounting for over $1.77 billion in losses for victims last year. While the number of organizations targeted by BEC scams was down from Q4 2019 numbers, there were still almost 31,000 organizations targeted in Q1 2020.
Figure 2. Organizations targeted by BEC scams
Formjacking Criminals Increase Efforts
The number of unique websites compromised with formjacking code increased in Q1 2020 as more criminals vie for their share of this lucrative malicious activity. There were 7,836 websites compromised with formjacking code in Q1 2020, up from 7,663 the previous quarter.
To learn more about formjacking, read our white paper: threat landscape trends
