Malwarebytes Labs Q2 CTNT Report/COVID Campaigns Lead to Surge in Malware Threats

Malwarebytes just released its latest quarterly Cybercrime Tactics and Techniques (CTNT) report, a special edition. The report is entitled, “Cybercrime tactics and techniques: Attack on home base.”

The report focuses on recent, increased malware threats which all have one big thing in common: using coronavirus as a lure. The report analyzes the trojans, info stealers, and botnets that threat actors delivered to increasingly more homes from January to March of this year. In addition to attack volume, the report also captures the actual models that threat actors used to try and trick unsuspecting victims.

The coronavirus pandemic has left the world looking very different at the end of the quarter than it did at the beginning. For starters, millions of workers are out of the office and working from their homes. This change in scenery, combined with safe social distancing efforts that help prevent the spread of COVID-19, has created a crisis for many, but an opportunity for some.

Employees are accessing company resources through VPNs, utilizing cloud-based services, and spending countless hours chatting on communication tools, all while connecting through personal networks and machines. In response, cybercriminals have been deploying campaigns to trick users into installing malware that steals login information for these sites and provides the attacker with remote control of the endpoint.

This special, COVID-19 themed CTNT report for January 2020 to March 2020 looks at the most prominently spread malware families taking advantage of this crisis, as well as other cybercriminal efforts we observed. We will give you a look into what the campaigns that spread these threats look like and the capabilities of the malware, along with information about card skimmers and APT attacks, wrapping up with some tips on staying safe.

Threats like Emotet and Trickbot are still a big concern for businesses all over the world; however, the threats we are going to cover in this section are specifically using COVID-19 themed campaigns to spread. In fact, many of the families we have seen being installed by these campaigns have had very little success prior to the last few months. These changes represent a shift by cybercriminals to focus on a new target: your home base.

Here are some key findings you will see inside the report.

  • Cybercriminals quickly transitioned to delivering years-old malware with brand new campaigns that preyed on the confusion, fear, and uncertainty surrounding the global coronavirus pandemic.
  • Malwarebytes discovered that the backdoor malware NetWiredRC, which laid low for roughly five months in 2019, dramatically increased its activity at the start of 2020, with a detection increase of at least 200 percent by March compared to last December.
  • For several of the malware types analyzed, the time period between January and February was a precursor to even greater increases in detection activity between February and March.
  • Malwarebytes recorded increased detections of nearly 110 percent between February and March for the malware AveMaria, a dangerous remote access trojan that can provide remote desktop access and remote webcam control, with the additional ability to steal passwords.
  • Malwarebytes recorded increased detections of more than 160 percent between February and March for the malware DanaBot, an invasive trojan and information stealer that can swipe online banking account credentials.
  • Phishing campaigns appear to be the most popular attack method, but cybercriminals have also gotten creative with fraudulent websites that hide malware.
  • A 26 percent increase in credit card skimming activity in March puts home shoppers at greater risk.

Here’s a direct link to the full report: https://resources.malwarebytes.com/files/2020/05/CTNT_Q1_2020_COVID-Report_Final.pdf
