Cybercriminals are taking advantage of COVID-19 with new attack methods: Microsoft Security Endpoint Threat report

 |   Russell Craig

Data on screen

Microsoft today unveiled Asia Pacific findings from the latest edition of its Security Endpoint Threat Report 2019[1], which revealed that cybercriminals are making 60,000 COVID-19 related phishing attempts every day. Despite New Zealand remaining one of the least targeted countries in the region for cyberattacks, recent high-profile attacks in this country demonstrate the need to remain vigilant.

“The Microsoft Security Endpoint Threat report aims to create a better understanding of the evolving threat landscape and help organisations improve their cybersecurity posture by mitigating the effects of increasingly sophisticated attacks,” said Russell Craig, National Technology Officer for Microsoft New Zealand.

The findings were derived from an analysis of diverse Microsoft data sources, including 8 trillion threat signals received by Microsoft every day from January to December 2019. However, with the turn of the new year, COVID-19 has changed the landscape and remains the top-of-mind concern for individuals, organisations and governments around the world. Since the outbreak, Microsoft Intelligence Protection team’s data has shown that every country in the world has seen at least one COVID-19 themed attack, and the volume of successful attacks seems to be increasing, as fear and the desire for information grows.

Of the millions of targeted phishing messages seen globally each day, roughly 60,000 include COVID-19 related malicious attachments or malicious URLs. Attackers are impersonating established entities like the World Health Organization (WHO), Centers for Disease Control and Prevention (CDC), and the Department of Health to get into inboxes.

Craig, explains: “According to our data, we found that COVID-19 themed threats are mostly rethreads of existing attacks that have been slightly altered to tie to the pandemic. This means that attackers have been pivoting their existing infrastructure, like ransomware, phishing and other malware delivery tools, to include COVID-19 keywords, to capitalise on people’s fear. Once users click on these malicious links, attackers can infiltrate networks, steal information and monetise their attacks.”

Asia Pacific continued to experience a higher-than-average encounter rate for malware and ransomware attacks – 1.6 and 1.7 times higher than the rest of the world, respectively. However, there is good news for New Zealand, which registered the second-lowest malware encounter rate across the region at 1.24 percent in 2019, a 39 percent decrease from last year. New Zealand also registered an all-time low ransomware encounter rate of 0.01 per cent, and the lowest volume of drive-by download attacks, at near-zero. These attacks involve downloading malicious code onto an unsuspecting user’s computer when they visit a website or fill out a form. The malicious code is then used by an attacker to steal passwords or financial information.

Even more encouraging, after registering the 11th highest cryptocurrency mining encounter rate across the region in 2019, New Zealand attacks fell 80 per cent in the past year. During such attacks, victims’ computers are infected with cryptocurrency mining malware, allowing criminals to leverage the processing power of their computers without their knowledge. The fall may be attributed to the fluctuation in cryptocurrency values and the increased time cryptocurrency takes to generate, which have caused criminals to seek alternative forms of cybercrime.

Despite that, Craig said a low threat was not the same as no threat when it came to cybercrime. New Zealand’s Computer Emergency Response Team (CERT) reported recent attacks affecting businesses operating in New Zealand including brewery Lion, Fisher and Paykel, BlueScope Steel, transport and logistics company Toll Group (which was also targeted earlier in 2020) and Honda. Craig said that demonstrated why all businesses needed to remain vigilant, especially as more adopted remote working.

“With more employers shifting to modern workplace models that enable remote working in the wake of COVID-19, we’re seeing gains in wellbeing, flexibility and productivity, but every remote device is also a new potential access point to businesses’ IT platforms. Meanwhile, we’re now seeing attackers taking a more customised approach, targeting specific geographies, industries and businesses as well as taking advantage of the desire for more COVID-related information,” he said.

“New working models require up-to-date security, which means leveraging cloud technology and developing a comprehensive cyber resilience strategy. Everyone, both businesses and individuals, has a role to play in keeping their organisation safe.”

Guidance for businesses:

  • Have strong tools to safeguard employees and infrastructure. This means looking into multi-layered defense systems and turning on multi-factor authentication (MFA) as employees work from home. Additionally, enable endpoint protection and protect against shadow IT and unsanctioned app usage with solutions like Microsoft Cloud App Security
  • Ensure employee guidelines are communicated clearly to employees. This includes information on how to identify phishing attempts, distinguishing between official communications and suspicious messages that violate company policy, and where these can be reported internally
  • Choose a trusted application for audio/video calling and file sharing that ensures end-to-end encryption

Guidance for individuals:

  • Update all devices with the latest security updates and use an antivirus or anti-malware service. For Windows 10 devices, Microsoft Defender Antivirus is a free built-in service enabled through settings
  • Be alert to links and attachments, especially from unknown senders
  • Use multi-factor authentication (MFA) on all accounts. Now, most online services provide a way to use your mobile device or other methods to protect your accounts in this way
  • Get educated on how to recognise phishing attempts and report suspected encounters, including watching out for spelling and bad grammar, and suspicious links and attachments from people you do not know

For more information on the findings published on the Microsoft Security Intelligence website, please visit:

infographic illustrating results of report

[1] Research covered a total of 15 markets – Developing markets: China, India, Indonesia, Malaysia, Philippines, Sri Lanka, Thailand and Vietnam; developed markets: Taiwan, Singapore, New Zealand, Korea, Japan, Hong Kong, Australia; Source on market categorization: International Monetary Fund’s World Economic Database, October 2018





Tags: ,