At the start of 2020, phishers began exploiting the pandemic and deviated from their normal lures to an array of pandemic-correlated themes for their phishing activities. One year after the pandemic began, the Palo Alto Networks Unit 42 Team researchers reviewed the phishing trends over the past year to see the variations in the tactics, techniques, and procedures (TTPs) of phishers and the level to which COVID-19 was utilized in their phishing activities.
The researchers reviewed all phishing links discovered from January 2020 and February 2021 to find out the number that had a COVID-19 motif, utilizing certain keywords and terms linked to COVID-19 and other elements of the pandemic. The researchers found 69,950 different phishing URLs associated with COVID-19 subjects, with more or less half of those links directly linked to COVID-19.
Phishing campaigns were immediately associated with the most current news and views on the COVID-19 and directly mirrored the current pandemic fads. Subsequent to the World Health Organization’s statement about the pandemic last March 2020 there was a universal lack of personal protective equipment (PPE) and testing sets. Phishing campaigns started offering obtaining access to products. Government stimulus programs were afterward announced, and phishing campaigns were rapidly used to contain baits connected to those programs. As an example, the number of phishing emails linked to COVID-19 online test kits directly matched the popularity of test kit-linked lookups on Google.
All through the pandemic, phishers targeted the web pages of authentic vendors of COVID-19 test kits. They acquired access to the web pages and loaded phishing kits to take credentials. In December 2020, as the vaccine campaign commenced, campaigns turned to vaccine-related lures employing domain names that spoofed vaccine makers for instance Biontech Pfizer among others. The sites of drug companies were targeted and had phishing content put in connected to vaccines. Between December 2020 and February 2021, vaccine-connected phishing scams grew by 530%.
One of the strategies utilized by phishers to avoid security tools is to employ a two-step procedure on their phishing web pages that call for the visitor to click to sign in before being shown the phishing form – a technique known as client-side cloaking. A lot of anti-phishing tools will check out the URL dropped in an email message to examine the content however will simply take a look at the landing page for phishing stuff. By making use of client-side cloaking, it is less likely to notice the malicious content.
The report points out the opportunistic identity of phishers. They will swiftly alter their TTPs according to new developments and utilize baits that are most likely to obtain the perfect response, which includes modifying targets. From December 2020 to February 2021, phishing attacks aimed at pharmacies and hospitals went up by 189% as phishers moved to aim at healthcare staff to take their credentials.
During the pandemic, Microsoft was the company most hit by phishers. Above 23% of COVID-19 phishing links are directed Microsoft credentials. Phony Microsoft login pages were created to steal the Microsoft 365 credentials of personnel at pharmaceutical organizations and drug stores. Whenever Microsoft credentials are collected, they could be employed to gain access to email accounts to distribute phishing emails from legitimate pharmacy and pharma corporation domains, raising the likelihood of those email messages being sent and acted upon by the receivers. Victim firms consist of Glenmark Pharmaceuticals in India, Pharmascience In Canada Junshi Biosciences In China, and Walgreens in the US.
At the moment, huge numbers of phishing emails are associated with vaccines and as more persons attempt to get themselves and their members of the family listed for vaccination, vaccine-connected phishing activities are very likely to carry on.