The coronavirus pandemic has forced massive changes upon businesses, but the overall cyber threat landscape remains relatively stable, according to researchers at FireEye.
Yes, malicious actors are now leveraging global fears to create phishing schemes built around COVID-19. But the main threat actors are still the same and their methodologies, offensive weapons and goals remain largely consistent, reports FireEye analyst Sandra Joyce in a company blog post. And despite widespread reports of adversaries incorporating COVID-19 into their social engineering and phishing campaigns, FireEye said that only two percent of its malicious email detections in March 2020 actually involved coronavirus content.
“The same threat actors and malware families that we observed prior to the crisis are largely pursuing the same objectives as before the crisis, using many of the same tools. They are simply now leveraging the crisis as a means of social engineering,” writes Joyce. “This pattern of behavior is familiar. Threat actors have always capitalized on major events and crises to entice users. Many of the actors who are now using this approach have been tracked for years.”
“Ultimately, COVID-19 is being adopted broadly in social engineering approaches because it is has widespread, generic appeal, and there is a genuine thirst for information on the subject that encourages users to take actions when they might otherwise have been circumspect,” Joyce continues. “We have seen it used by several cybercriminal and cyber espionage actors, and in underground communities some actors have created tools to enable effective social engineering exploiting the coronavirus pandemic. Nonetheless, COVID-19 content is still only used in two percent of malicious emails.”
Joyce did, however, recognize a few notable ways in which COVID-19 has changed risk and threat dynamics, including a huge surge in the remote workforce and the increased reliance on health care, manufacturing, logistics and administration organizations, which makes them highly desirable targets .
In its report, FireEye says it anticipates that state-sponsored cyber espionage will be making an effort to gather intelligence on the COVID-19 crisis, in addition to their usual interests. With that said, “We have not yet observed an incident of cyber espionage targeting COVID-19 related information,” says Joyce. “[H]owever, it is often difficult to determine what information these actors are targeting.”