
COVID-19-themed attacks and PowerShell malware surged in Q2 - report

05 Nov 2020

New malware samples grew by 11.5% in Q2 2020, averaging 419 new threats per minute, and COVID-19-themed cyber-attacks increased by an eye-watering 605% in the same period, according to new research released today by McAfee.

The report, which examines cyber-criminal activity related to malware and the evolution of cyber-threats this year, also found that PowerShell malware grew by 117% in Q2 over the previous quarter. This was a consequence, McAfee says, of the proliferation of malicious Donoff Microsoft Office document attacks.

“The second quarter of 2020 saw continued developments in innovative threat categories such as PowerShell malware and the quick adaptation by cybercriminals to target organisations through employees working from remote environments,” says McAfee fellow and chief scientist Raj Samani.

“What began as a trickle of phishing campaigns and the occasional malicious app quickly turned into a deluge of malicious URLs, attacks on cloud users and capable threat actors leveraging the world’s thirst for more information on COVID-19 as an entry mechanism into systems across the globe.”

COVID-19-themed threat campaigns

The pandemic was the primary factor in the ‘unprecedented’ increase in malware attacks, the report says, as organisations continued to adapt to vast numbers of employees working from home and to the cybersecurity threats this posed.

In response to these changes to the cybersecurity industry, McAfee launched a COVID-19 threats dashboard in Q2 to analyse the extent to which attackers changed their techniques in targeting organisations and governments. This included a global network of ‘over a billion sensors’, which observed the 605% increase in COVID-19-related attack detections compared to Q1. 

Donoff & PowerShell malware

Donoff Microsoft Office documents act as TrojanDownloaders: they use the Windows Command shell to launch PowerShell, then download and execute malicious files.

Donoff played a critical role in driving the 689% surge in PowerShell malware in Q1 2020. In Q2, Donoff-related malware growth slowed but remained robust, driving up PowerShell malware by 117% and contributing to a 103% increase in overall new Microsoft Office malware.
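
For defenders, the chain described above (an Office application starting the Command shell, which in turn starts PowerShell) is visible in process-creation telemetry. The following is an added example, not taken from the McAfee report: the record layout, PIDs and paths are constructed for illustration, and the check generalises slightly by flagging any PowerShell process with an Office ancestor, whether or not cmd.exe sits in between.

```python
import ntpath  # Windows path handling that works on any OS

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# Constructed sample data: simplified process-creation records.
# PIDs, paths and field names are invented for this example.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 400, "ppid": 300,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    # Benign: a user opens cmd from Explorer, then starts PowerShell.
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 600, "ppid": 500,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

def exe_name(event):
    """Lower-cased executable file name from a full Windows path."""
    return ntpath.basename(event["image"]).lower()

def office_spawned_powershell(events, max_depth=8):
    """Return (powershell_pid, chain) for each PowerShell with an Office ancestor."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for ev in events:
        if exe_name(ev) not in POWERSHELL:
            continue
        chain, seen, cur = [exe_name(ev)], {ev["pid"]}, ev
        for _ in range(max_depth):
            cur = by_pid.get(cur["ppid"])
            if cur is None or cur["pid"] in seen:  # root reached or looped data
                break
            seen.add(cur["pid"])
            chain.append(exe_name(cur))
            if exe_name(cur) in OFFICE:
                hits.append((ev["pid"], chain[::-1]))  # Office first, PowerShell last
                break
    return hits

if __name__ == "__main__":
    for pid, chain in office_spawned_powershell(EVENTS):
        print(pid, " -> ".join(chain))
```

On real telemetry, key the lookup on a unique per-process identifier rather than the PID, since Windows reuses PIDs.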

Attacks on cloud users

In addition, the McAfee report reveals almost 7.5 million external attacks targeted cloud user accounts, based on cloud usage data from over 300 million McAfee users globally during Q2.

McAfee observed nearly 7.5 million external attacks on cloud user accounts. This is based on the aggregation and anonymisation of cloud usage data from more than 30 million McAfee MVISION cloud users worldwide during the second quarter of 2020.