The Covid-19 pandemic has had a major impact on the cyberthreat landscape in 2020, leading to major security issues such as scams and ransomware attacks, according to a recent report by cybersecurity firm Avast.

Misinformation related to the pandemic is one of the major threats to the cyber landscape this year.

“Fake news spread during the pandemic, including fake news alleging that Bill Gates has created or financed the creation of Covid-19 in order to sell vaccines, and gain power over the world. Other examples of fake news during the pandemics include conspiracy theorists speculating democratic governments using the virus as an excuse to turn their systems into autocracies, and that 5G was responsible for the spread of the coronavirus,” the report said.

In addition to fake news, Covid-19-related fake shops and malware emerged this year.

Scammers leveraged the pandemic to target people searching for information around the virus, and related topics such as supplies of face masks and ventilators.

“Avast identified malvertising campaigns being adapted to the situation, fake shops and products like cures and medication for the virus being “sold” online, the World Health Organisation's name and logo being exploited to deceive people into inadvertently downloading malware in messages containing coronavirus and other related terms in malicious files spreading via email, SMS, and other malware,” it said.

The cybersecurity firm also identified mobile malware campaigns and tracked more than 600 malicious apps including mobile banking trojans and spyware disguised as Covid-19-related services.

Apart from fake news, deep fakes are also a major emerging threat. Deepfakes are fake videos that appear to be realistic and are developed using artificial intelligence.

At a recent event by Avast, Professor Hany Farid of UC Berkeley had noted that the technology is evolving quickly making such videos more difficult to spot.

Phishing attacks on the rise

Phishing attacks are on the rise. Covid-19 related phishing attacks surged in March with 7.9 per cent of such attacks leveraging the pandemic to lure users. Ransomware attacks targeting healthcare institutions in particular were also noted. “Multiple ransomware attacks targeted hospitals this year, despite threat actors publicly stating they would stop targeting hospitals,” Avast said.

“In addition to ransomware attacks against healthcare institutions, companies like Garmin, Jack Daniels and the Ritz London were hit with ransomware. Other notable victims of ransomware attacks in 2020, which paid ransom demands up into the millions, include the University of California San Francisco, Travelex, and defence contractor Communications & Power Industries (CPI) in California,” it said.

Malware campaigns

Elaborating on mobile threats, adware was the most dominant malware for Android devices in 2020, accounting for nearly 50 per cent of malware in Q1, over 27 per cent in Q2 and 29 per cent in Q3 out of all Android threats.

The HiddenAds family of Trojans was one of the most persistent campaigns on the Google Play Store over the course of the year. Avast alone found over 50 scam apps on the Google Play and Apple App Stores in 2020, that needed to be removed by Google’s and Apple’s security teams.

“Developers of adware increasingly used social media channels in 2020, like regular marketers would, to increase the number of app downloads. Users reported they were targeted with ads promoting adware apps on YouTube, and in September we saw adware spread via profiles on TikTok. The popularity of these social networks make them an attractive advertising platform, also for cybercriminals, to target a younger audience,” said Jakub Vávra, Threat Analyst at Avast.

Another major growing malware threat is stalkerware which became increasingly popular during the pandemic. “Stalkerware is typically installed secretly on mobile phones, without the victim’s knowledge, by so-called friends, jealous spouses and partners, ex-partners, and even concerned parents, and tracks the physical location of the victim, monitors sites visited on the internet, text messages, and phone calls,” explained Avast.

The Avast Threat Labs discovered that spyware and stalkerware grew 51 per cent from March through June, in comparison to the first two months of the year.

“The pandemic did not slow down cybercriminals, instead they seized the opportunity of people spending more time online to adapt old tricks to spread various types of fakes, scams, and to target major businesses with ransomware,” said Luis Corrons, Security Evangelist at Avast.

“While technology today is a great resource for us all to stay connected and keep up communications and work, we advise people to stay extra conscious and cautious about what they see online and verify things they come across before trusting news, apps, links, sales offers, and even video content, as they could be manipulated,” Corrons added.