COVID-19 themed malware and credential theft campaigns make a resurgence as Delta variant spreads

By Ryan Morris-Reade, Fri 27 Aug 2021

Proofpoint finds COVID-19 themed email threats make a resurgence as the Delta variant spreads.

Since late June 2021, Proofpoint has observed high volumes of COVID-19 themed threats distributing malware and credential theft campaigns, including a Microsoft credential theft campaign targeting thousands of organisations globally. Proofpoint researchers also identified an increase in business email compromise, with threat actors posing as human resource professionals to gain an individual's trust.  

The new attacks follow a lull in COVID-19-themed threat campaigns through the Spring and early Summer of 2021. Now, multiple types of high-volume threats have pivoted back to using COVID-19 social engineering themes as global concern about the Delta variant rises. 

Proofpoint has been tracking ongoing threats using COVID-19 and related coronavirus themes since the beginning of the pandemic. TA452, known to distribute Emotet, first began using COVID-19 in email threats in January 2020. Although the virus has remained an ongoing theme, researchers have observed a significant increase in messages leveraging COVID-19 in recent months. 

Since late June 2021, Proofpoint has observed a high volume of COVID-19 themed campaigns distributing RustyBuer, Formbook, and Ave Maria malware, in addition to multiple corporate phishing attempts to steal Microsoft and O365 credentials. The researchers also found an increase in business email compromise threats using COVID-19 themes during this timeframe.

"The increase in COVID-19 themes in our data aligns with public interest in the highly contagious COVID-19 Delta variant," says Proofpoint.

"According to global Google Trend data, worldwide searches for "Delta variant" first peaked the last week in June 2021 and have continued through August 2021 so far. The increase in COVID-19 related threats is global. We observed tens of thousands of messages intended for customers in various industries worldwide." 

Open-source data also supports a greater threat actor adoption of COVID-19 themes. South Korea, for example, recently raised its cyber threat warning level in response to an increase of threats related to its COVID-19 relief programs. 

Threat actors have leveraged the fear and uncertainty felt by communities everywhere throughout the pandemic, and the COVID-19 virus became a popular lure for social engineering activities. As vaccines became available, threat actors began using themes related to vaccination status. 

Threat actors often pair COVID-19 themes with messages claiming to be pandemic financial relief or healthcare information. This trend continues as the Delta variant spreads, and companies require vaccinations before employees return to work.

Some key findings of the report include:

  • Proofpoint researchers observed an increase in COVID-19 related threats since late June 2021. 
  • Threat actors are taking advantage of the increased interest and infection spread related to the Delta variant. 
  • Proofpoint researchers observed high-volume COVID-19 related campaigns distributing malware, including RustyBuer, Formbook, and Ave Maria.