SolarWinds Findings Show Cybercriminals Capitalizing on Work-from-Home Measures During Coronavirus Outbreak-Including an Increase of Over 80% in Phishing and Malware Attacks

SolarWinds Findings Show Cybercriminals Capitalizing on Work-from-Home Measures During Coronavirus Outbreak-Including an Increase of Over 80% in Phishing and Malware Attacks

New figures released by SolarWinds MSP, taken from its global email security traffic findings, reveal an increased spike in threat attacks since the outbreak of COVID-19, with an increase of over 80% in phishing and malware attacks in March 2020. During this timeframe, SolarWinds® Mail Assure has detected and blocked approximately 10 million phishing attacks per week[2] with a filtering accuracy of over 99.999%.[3] 

The findings unveiled numerous phishing campaigns circulating on health and safety measures around COVID-19 when the spike was first detected. They also revealed attacks impersonating various government agencies and the World Health Organization (WHO) asking users to donate funds. With a major increase in the use of online platforms, tools, and video conferencing apps, phishing campaigns are not only crafted around the COVID-19 topic itself, but also targeting online tools that working-from-home employees are using to communicate and maintain business continuity.

With many organizations running their businesses from home—and educational institutions moving to online learning platforms—more users are connected to a wide variety of devices that are not under the management of secure corporate networks, where professional email security solutions are in place.

The example below shows the header information of a phishing campaign where the hackers disguised themselves as the World Health Organization trying to get users to donate via Bitcoin[4].

If you look at the sender, it seems to be the World Health Organization—but there are obvious indicators that it's not. First, the subject line of the email, "COVID-19 Solidarity Response Fund for WHO - DONATE NOW," creates a sense of urgency. Second, the display name is spoofed. Finally, the "From" address ends in "@example.com," and the IP address is [1.2.3.4].

Spam, viruses, malware, ransomware, phishing, and other email-borne threats are a huge risk to businesses, potentially leading to data theft, IP blacklisting, disruption in business productivity, and reputational damage. To help prevent falling victim to cyberattacks, be wary of the top email subjects used recently. They include[5]:

  • Top phishing subjects:
    • Subject: You Have Pending Microsoft Office UNSYNC Messages
    • Subject: Important: john.smith@example.com have Pending incoming Emails.
    • Subject: Outlook Web App Closure Of john.smith@example.com
    • Subject: EMAIL UPGRADE
    • Subject: Closure of your account is being processed 
  • Top malware subjects:
    • Subject: Transaction Confirmation And Shipping Details
    • Subject: INCORRECT BANK DETAILS
    • Subject: RE::Shipment Docs
    • Subject: URGENT NEED: U.S. Department of Health & Human Services/COVID-19 Face Mask/ Forehead thermometers 
  • Top ransomware subjects:
    • Disposable face mask/highly anti-virus/Breathable
    • Subject: COVID-19 Solidarity Response Fund for WHO - DONATE NOW 
    • Subject: Security Notice. Someone has access to your system. 
    • Subject: Security Alert. Your account was compromised. Password must be changed.
    • Subject: Be sure to read this message! Your personal data is threatened! 
    • Subject: Fraudsters know your old passwords. Access data must be changed.

"Email is among the most common means of communication for companies, but is also one of the most vulnerable vectors for malicious business attacks—around 68%[6] of email traffic within organizations is believed to be spam or malicious in nature. The COVID-19 virus has not only created health implications and changed the way organizations run their business, it has created huge opportunites for threat actors," said Alex Quilter, vice president of product management, SolarWinds MSP. "It's important for MSPs to be aware of these attacks, so they are in a position to educate customers and provide them with the tactics and tools required to help combat potential threats. A strong security foundation can help reduce your customers' risks, including reliable email filtering to help prevent these emails from making it to users."

SolarWinds Mail Assure is a cloud-based email malware protection and spam filtering solution that acts as a protective layer for incoming and outgoing email using collective threat intelligence, 24/7 email continuity, and long-term email archiving. The cloud-based platform uses collective threat intelligence that incorporates data from over 23 million mailboxes under management and 3B+ messages processed per month.

SolarWinds MSP also offers a COVID-19 Resource Hub to support its partners with expert advice and useful resources to help navigate today's unprecedented times.

[1] Week beginning 2020-03-02 to week ending 2020-03-27

[2] Week beginning 2020-03-02 to week ending 2020-03-27

[3] SolarWinds Mail Assure logging data report (Published March 2020)

[4] For privacy reasons, the identity of the hacked account in the example has been changed

[5] SolarWinds Mail Assure Top Phishing Subjects Report (Published March 2020) (Spelling and grammar mistakes were intentionally left incorrect to reflect original phishing email subject lines)

[6] "Get One Step Ahead of Email Threats," FireEye (Accessed February 2020)