Coronavirus-themed cyberattacks on decline, Microsoft says

(Image credit: Paolo Bona /

It’s no secret or surprise that cybercrooks have taken advantage of the global coronavirus pandemic, but new research from Microsoft has given a greater glimpse into their behaviour.

Microsoft said that cybercriminals exploitation of the coronavirus crisis peaked in early March, but steeply dropped off after that, reaching a steady baseline in early April.

According to insight from Microsoft's Threat Protection Intelligence Team, cyber criminals began launching opportunistic campaigns once the World Health Organization revealed the  Covid-19 pandemic on February 11. 

"The week following that declaration saw these attacks increase eleven-fold," the report said. 

"While this was below two percent of overall attacks Microsoft saw each month, it was clear that cybercriminals wanted to exploit the situation," the report added. "People around the world were becoming aware of the outbreak and were actively seeking information and solutions to combat it.”

Adapting to chaos

When many countries around the globe began introducing lockdown measures to curb the disease’s spread at the beginning of March, Microsoft said the number of Covid-19 attacks peaked at that point.

Although online crooks have been leveraging the global pandemic to launch effective attacks, the firm said the overall trend of malware detections worldwide, coronavirus-related or not, did not vary significantly during this time and was a blip in the total volume of threats we typically see in a month.

Interestingly, hackers didn’t reinvent the wheel when it came to deploying attacks during this period. 

The report says: “Looking through Microsoft’s broad threat intelligence on endpoints, email and data, identities, and apps, we concluded that this surge of Covid-19 themed attacks was really a repurposing from known attackers using existing infrastructure and malware with new lures.”

Calling the attacks "opportunistic," Microsoft said they targeted key industries -- as well as people working to tackle the pandemic -- and preyed on people’s concern, confusion and desire for resolution.

"Cybercriminals are adaptable and always looking for the best and easiest ways to gain new victims. Commodity malware attacks, in particular, are looking for the biggest risk-versus-reward payouts," explained Microsoft.

“The industry sometimes focuses heavily on advanced attacks that exploit zero-day vulnerabilities, but every day the bigger risk for more people is being tricked into running unknown programs or Trojanized documents.”

Leveraging regional news

In the report, researchers focused on the US, UK and South Korea. All three countries saw Covid-19 attacks peak concurrently, but the perpetrators tailored their attacks to headlines in different parts of the world. 

For example, in the UK, attacks surged after the first coronavirus fatality was announced, and again when Prime Minister Boris Johnson ended up in intensive care with the virus.

Microsoft added: “Organizations should further improve security posture by educating end users about spotting phishing and social engineering attacks and practising credential hygiene.”

  • Read more: Get the best business VPNs for your firm and employees

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!