You have to be very on-trend as a cybercrook – hence why coronavirus-themed phishing is this year's must-have look

Coronavirus-themed malicious emails were the standout feature of online naughtiness in the first half of 2020, according to infosec firm F-Secure – though overall volumes of phishing did decrease a touch.


"Cyber criminals don't have many operational constraints, so they can quickly respond to breaking events and incorporate them into their campaigns," said Calvin Gan, a manager with F-Secure's Tactical Defense Unit, in a canned statement. "The earliest days of the COVID-19 outbreak left a lot of people confused or worried, and attackers predictably tried to prey on their anxieties."


Spam and other email-dependent lures mostly switched to using coronavirus-themed messaging in the first half of 2020, with finance being the most frequently spoofed industry in phishing emails seen by the Finnish company.


Observed attack attempts included an Emotet banking trojan campaign targeting Japan in January after the nation confirmed its first coronavirus infection. The email spreading it purported to be an official warning from a public health body.


Email accounted for just over half of observed infection attempts in the first six months of the year, up from 43 per cent last year. Exploit kit usage was virtually level year-on-year at 10 per cent in H1 2020 versus 9 per cent in H1 2019.


"We also saw atypical archive and compression file types, such as .gz and .ace, being used to get around mail gateways configured to detect malware executables enclosed in more conventional formats like .zip," said F-Secure in its full Attack Landscape H1 2020 report. The company added that its honeypots experienced 2.8 billion attack attempts between January and June, compared with 2.9 billion over the same period in 2019.
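A gateway-side check for the evasion described above, as an added example that is not from F-Secure's report: it identifies attachments by magic bytes rather than file extension, unwraps .gz and .zip to look for an executable header, and refuses containers it cannot open. The function names, size and depth limits, and the block-ACE policy are assumptions made for illustration.

```python
import gzip, io, zipfile, zlib

# Signatures as (label, offset, magic bytes). ACE's marker sits at offset 7.
SIGNATURES = [("zip", 0, b"PK\x03\x04"), ("gzip", 0, b"\x1f\x8b"),
              ("ace", 7, b"**ACE**"), ("pe", 0, b"MZ")]
MAX_UNPACK = 10 * 1024 * 1024   # assumed cap on decompressed size
MAX_DEPTH = 3                   # assumed cap on archive nesting

def sniff(data: bytes) -> str:
    """Identify content by magic bytes, ignoring the attachment's file name."""
    for label, offset, magic in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return label
    return "unknown"

def inspect_attachment(data: bytes, depth: int = 0) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'block' or 'allow'."""
    kind = sniff(data)
    if kind == "pe":
        return "block", "executable payload"
    if kind == "ace":
        # Assumed policy: a container the gateway cannot open is not delivered.
        return "block", "uninspectable ACE archive"
    if kind in ("gzip", "zip") and depth >= MAX_DEPTH:
        return "block", "archive nesting too deep"
    try:
        if kind == "gzip":
            with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
                inner = gz.read(MAX_UNPACK + 1)
            if len(inner) > MAX_UNPACK:
                return "block", "decompressed size over limit"
            return inspect_attachment(inner, depth + 1)
        if kind == "zip":
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.file_size > MAX_UNPACK:
                        return "block", "decompressed size over limit"
                    verdict = inspect_attachment(zf.read(info), depth + 1)
                    if verdict[0] == "block":
                        return verdict
    except (OSError, EOFError, RuntimeError, zlib.error, zipfile.BadZipFile):
        return "block", "corrupt or encrypted archive"
    return "allow", "no executable found"

if __name__ == "__main__":
    fake_exe = b"MZ" + bytes(62)   # constructed stand-in for a PE header
    print(inspect_attachment(gzip.compress(fake_exe)))   # executable wrapped in .gz
```

Python's standard library has no ACE reader, which is why this sketch treats that format as uninspectable instead of trying to open it.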


Diving down the stack, telnet and SSH were the two most frequently scanned ports that F-Secure had seen, while infostealers were the most common type of ma ..