The year Covid-19 took over the real world as well as the cyberworld
PRAGUE, Nov. 25, 2020 /PRNewswire/ — Avast (LSE:AVST), a global leader in digital security and privacy products, looks back at some of the most prominent cyberthreats of 2020. The past year has been defined by the Covid-19 virus affecting the entire world, including the cyberworld. Avast observed cybercriminals use the pandemic to their advantage, spreading scams and phishing attacks to exploit people’s weaknesses during trying times. Ransomware attacks continued to thrive this year, pitilessly attacking medical institutions. Certain types of threats, including stalkerware and adware, flourished due to people being forced into lockdown and likely spending more time on their mobile devices. Cybercriminals began to promote mobile adware more heavily to younger audiences via popular social platforms like YouTube, TikTok, and Instagram.
Covid-19 Fakes and Scams
In addition to fake news, Covid-19-related fake shops and malware made their rounds in 2020. A number of scams circulated, designed to take advantage of people searching for information around the virus, and associated topics such as supplies of face masks and ventilators. Avast identified malvertising campaigns being adapted to the situation, fake shops and products like cures and medication for the virus being “sold” online, the World Health Organization’s name and logo being exploited to deceive people into inadvertently downloading malware in messages containing coronavirus and other related terms in malicious files spreading via email, SMS, and other malware. Also, via its mobile threat intelligence platform, apklab.io, Avast tracked more than 600 malicious apps including mobile banking trojans and spyware, posing as apps that offered some sort of a Covid-19-related service.
Fake news spread during the pandemic, including fake news alleging that Bill Gates has created or financed the creation of Covid-19 in order to sell vaccines, and gain power over the world. Other examples of fake news during the pandemics include conspiracy theorists speculating democratic governments using the virus as an excuse to turn their systems into autocracies, and that 5G was responsible for the spread of the coronavirus.
In the beginning of the year, Avast saw an increase in ransomware attacks in the early pandemic months. Ransomware grew by 20% during March and April in comparison to January and February this year.
Multiple ransomware attacks targeted hospitals this year, despite threat actors publicly stating they would stop targeting hospitals. Avast was involved in helping hospitals and other businesses infected with ransomware, including the Brno University Hospital in the Czech Republic, which is also a testing center for the coronavirus, and was infected with Defray777. Healthcare institutions were attacked by Maze ransomware, which steals data before encrypting it and threatens to release hostage data if the ransom is not paid. This year, in what could be the first known case of a fatality linked to a ransomware attack, a patient passed away as she needed to be transferred to a different hospital after a ransomware attack affected a hospital in Dusseldorf, Germany.
In addition to ransomware attacks against healthcare institutions, companies like Garmin, Jack Daniels and the Ritz London were hit with ransomware. Other notable victims of ransomware attacks in 2020, which paid ransom demands up into the millions, include the University of California San Francisco, Travelex, and defense contractor Communications & Power Industries (CPI) in California.
Working From Home challenges
The pandemic forced many companies to send employees home to work remotely. According to a survey conducted by the European Foundation of the Improvement of Living and Working Conditions, nearly half of the European employees surveyed worked at home at least some of the time during the Covid-19 pandemic, and of these, one-third reported working exclusively from home. Employees took their company devices home which broadened the attack surface for companies, as the home network infrastructure usually isn’t as secure as an enterprise network. Also, with millions of workers around the world using Remote Desktop Protocol (RDP) daily to remotely access their business network, this tool has become a strong cyber-attack vector. In 2020, Avast has monitored a rise in attacks specifically designed to exploit RDP in order to execute widespread ransomware attacks.
Deepfakes taking off
Deepfakes, particularly pornographic deepfakes appeared in 2020, including explicit deepfakes of TikTok users. In a talk at Avast’s Cybersec & AI, Connected virtual conference Professor Hany Farid of UC Berkeley noted that technology is evolving quickly, making it easier and easier for deep fakes to be created, and the rate at which deep fakes can spread is also increasing due to social media. Farid also noted that ” nothing has to be real anymore “, meaning that people will believe fakes, especially when it comes to political deep fakes.
Phishing is a lucrative way of stealing people’s money and personal information and is an evergreen technique used by cybercriminals that did not slow down in 2020. While Covid-19 related phishing attacks surged in March with 7.9% using themes related to the virus in that month, the impact on overall phishing numbers was small, with less than 1% of global phishing attacks using Covid-19 as a theme throughout the year.
Mobile Adware creators leveraging social media channels to promote their “products”
Out of all Android threats Avast detected in 2020, adware was the dominant malware, with a share of nearly 50% in Q1, over 27% in Q2 and 29% in Q3 out of all Android threats. The HiddenAds family, a Trojandisguised as a safe and useful application but instead serving intrusive ads, stuck out in a special way, as it continuously found its way back to the Google Play Store over the course of the year. Avast also found scam apps on the Apple App Store. Avast alone found more than 50 scam apps on the Google Play and Apple App Stores in 2020, that needed to be removed by Google’s and Apple’s security teams.
Stalkerware is a growing category of malware with disturbing and dangerous implications. Avast identified parallels between the use of stalkerware and the lockdown time in the spring. Stalkerware is typically installed secretly on mobile phones, without the victim’s knowledge, by so-called friends, jealous spouses and partners, ex-partners, and even concerned parents, and tracks the physical location of the victim, monitors sites visited on the internet, text messages, and phone calls.
According to a paper published by researchers from Brigham Young University in the US, who compared domestic violence calls for service in 14 large US cities before and after social distancing began at the beginning of the year, there was a 10.2% increase in calls.
” The pandemic did not slow down cybercriminals, instead they seized the opportunity of people spending more time online to adapt old tricks to spread various types of fakes, scams, and to target major businesses with ransomware , ” continued Luis Corrons. ” While technology today is a great resource for us all to stay connected and keep up communications and work, we advise people to stay extra conscious and cautious about what they see online and verify things they come across before trusting news, apps, links, sales offers, and even video content, as they could be manipulated. ”
Avast (LSE:AVST), a FTSE 100 company, is a global leader in digital security and privacy products. With over 435 million users online, Avast offers products under the Avast and AVG brands that protect people from threats on the internet and the evolving IoT threat landscape. The company’s threat detection network is among the most advanced in the world, using machine learning and artificial intelligence technologies to detect and stop threats in real time. Avast digital security products for Mobile, PC or Mac are top-ranked and certified by VB100, AV-Comparatives, AV-Test, SE Labs and others. Visit: www.avast.com.