Prague, Czech Republic, November 24, 2020 — Avast (LSE:AVST), a global leader in digital security and privacy products, looks back at some of the most prominent cyberthreats of 2020. The past year has been defined by the Covid-19 virus affecting the entire world, including the cyberworld. Avast observed cybercriminals use the pandemic to their advantage, spreading scams and phishing attacks to exploit people’s weaknesses during trying times. Ransomware attacks continued to thrive this year, pitilessly attacking medical institutions. Certain types of threats, including stalkerware and adware, flourished due to people being forced into lockdown and likely spending more time on their mobile devices. Cybercriminals began to promote mobile adware more heavily to younger audiences via popular social platforms like YouTube, TikTok, and Instagram.
In addition to fake news, Covid-19-related fake shops and malware made their rounds in 2020. A number of scams circulated, designed to take advantage of people searching for information around the virus, and associated topics such as supplies of face masks and ventilators. Avast identified malvertising campaigns being adapted to the situation, fake shops and products like cures and medication for the virus being “sold” online, the World Health Organization's name and logo being exploited to deceive people into inadvertently downloading malware in messages containing coronavirus and other related terms in malicious files spreading via email, SMS, and other malware. Also, via its mobile threat intelligence platform, apklab.io, Avast tracked more than 600 malicious apps including mobile banking trojans and spyware, posing as apps that offered some sort of a Covid-19-related service.
Fake news spread during the pandemic, including fake news alleging that Bill Gates has created or financed the creation of Covid-19 in order to sell vaccines, and gain power over the world. Other examples of fake news during the pandemics include conspiracy theorists speculating democratic governments using the virus as an excuse to turn their systems into autocracies, and that 5G was responsible for the spread of the coronavirus.
“To summarize 2020, things weren’t always how they appeared - it was a year of fake news and scams, deceiving users while taking advantage of the pandemic. Cybercriminals take advantage of trends, to make sure they attract as many potential victims as possible. We observed cybercriminals adapting their attacks to take advantage of the crisis, because people are hungry for information and might be more susceptible to falling victim. Additionally, given the lockdowns and other restrictions, people are more often online and so the target pool of potential victims of cybercriminals has also likely increased,” said Luis Corrons, Security Evangelist at Avast.
In the beginning of the year, Avast saw an increase in ransomware attacks in the early pandemic months. Ransomware grew by 20% during March and April in comparison to January and February this year.
Multiple ransomware attacks targeted hospitals this year, despite threat actors publicly stating they would stop targeting hospitals. Avast was involved in helping hospitals and other businesses infected with ransomware, including the Brno University Hospital in the Czech Republic, which is also a testing center for the coronavirus, and was infected with Defray777. Healthcare institutions were attacked by Maze ransomware, which steals data before encrypting it and threatens to release hostage data if the ransom is not paid. This year, in what could be the first known case of a fatality linked to a ransomware attack, a patient passed away as she needed to be transferred to a different hospital after a ransomware attack affected a hospital in Dusseldorf, Germany.
“When healthcare institutions fall victim to ransomware, in addition to drastic economic consequences, the attack can have severely detrimental implications, such as the loss of patient records, and treatment delays or cancellations. In one very unfortunate case from this year, a patient lost her life because a ransomware attack forced the patient to be transferred to another hospital. With healthcare institutions already stretched at present, it’s clear how such a cyberattack is especially challenging during hard times,” continued Luis Corrons.
In addition to ransomware attacks against healthcare institutions, companies like Garmin, Jack Daniels and the Ritz London were hit with ransomware. Other notable victims of ransomware attacks in 2020, which paid ransom demands up into the millions, include the University of California San Francisco, Travelex, and defense contractor Communications & Power Industries (CPI) in California.
The pandemic forced many companies to send employees home to work remotely. According to a survey conducted by the European Foundation of the Improvement of Living and Working Conditions, nearly half of the European employees surveyed worked at home at least some of the time during the Covid-19 pandemic, and of these, one-third reported working exclusively from home. Employees took their company devices home which broadened the attack surface for companies, as the home network infrastructure usually isn’t as secure as an enterprise network. Also, with millions of workers around the world using Remote Desktop Protocol (RDP) daily to remotely access their business network, this tool has become a strong cyber-attack vector. In 2020, Avast has monitored a rise in attacks specifically designed to exploit RDP in order to execute widespread ransomware attacks.
“Not every company was prepared to have their employees work from home on such short notice, and not all home networks were secure enough, leaving companies at risk” says Luis Corrons. “According to Gartner, PC shipments in EMEA rose 20% in Q2 2020, which is likely thanks to companies purchasing PCs to allow employees to work from home.”
Deepfakes, particularly pornographic deepfakes appeared in 2020, including explicit deepfakes of TikTok users. In a talk at Avast's Cybersec & AI, Connected virtual conference Professor Hany Farid of UC Berkeley noted that technology is evolving quickly, making it easier and easier for deep fakes to be created, and the rate at which deep fakes can spread is also increasing due to social media. Farid also noted that “nothing has to be real anymore”, meaning that people will believe fakes, especially when it comes to political deep fakes.
Phishing is a lucrative way of stealing people’s money and personal information and is an evergreen technique used by cybercriminals that did not slow down in 2020. While Covid-19 related phishing attacks surged in March with 7.9% using themes related to the virus in that month, the impact on overall phishing numbers was small, with less than 1% of global phishing attacks using Covid-19 as a theme throughout the year.
Out of all Android threats Avast detected in 2020, adware was the dominant malware, with a share of nearly 50% in Q1, over 27% in Q2 and 29% in Q3 out of all Android threats. The HiddenAds family, a Trojan disguised as a safe and useful application but instead serving intrusive ads, stuck out in a special way, as it continuously found its way back to the Google Play Store over the course of the year. Avast also found scam apps on the Apple App Store. Avast alone found more than 50 scam apps on the Google Play and Apple App Stores in 2020, that needed to be removed by Google’s and Apple’s security teams.
“Developers of adware increasingly used social media channels in 2020, like regular marketers would, to increase the number of app downloads. Users reported they were targeted with ads promoting adware apps on YouTube, and in September we saw adware spread via profiles on TikTok. The popularity of these social networks make them an attractive advertising platform, also for cybercriminals, to target a younger audience,” said Jakub Vávra, Threat Analyst at Avast.
Stalkerware is a growing category of malware with disturbing and dangerous implications. Avast identified parallels between the use of stalkerware and the lockdown time in the spring. Stalkerware is typically installed secretly on mobile phones, without the victim’s knowledge, by so-called friends, jealous spouses and partners, ex-partners, and even concerned parents, and tracks the physical location of the victim, monitors sites visited on the internet, text messages, and phone calls.
The Avast Threat Labs discovered a 51% increase in Android spyware and stalkerware from March through June, in comparison to the first two months of the year.
The pandemic did not slow down cybercriminals, instead they seized the opportunity of people spending more time online to adapt old tricks to spread various types of fakes, scams, and to target major businesses with ransomware,” continued Luis Corrons. “While technology today is a great resource for us all to stay connected and keep up communications and work, we advise people to stay extra conscious and cautious about what they see online and verify things they come across before trusting news, apps, links, sales offers, and even video content, as they could be manipulated.”