This is How Cybercriminals Are Acting During The Covid-19 Outbreak

by Robert Best on June 24, 2020
Find me on:

businessman hand working on laptop computer with digital layer business strategy and social media diagram on wooden desk

The Covid-19 crisis brought about a spike in cybercrime activity relating to the pandemic. Cybercriminals continually look to target uncertainty and confusion. As we searched for more information on the pandemic we created a new opportunity for cyber attacks.

However, Covid-19 based attacks were only one approach cybercriminals have been taking in recent months. A recent report by Microsoft showed details on how cybercriminals have been acting during the Covid-19 outbreak.

By understanding how they behave you can better protect your business from their attacks.

The rise in Covid-19 related cyber attacks

Back in February attackers were starting to use Covid-19 related tactics. When the World Health Organization gave the pandemic the name of "Covid-19" attackers started to deploy their campaigns.

The week following that declaration saw these attacks increase eleven-fold. Although this still only made up 2 per cent of overall attacks seen by Microsoft , it was still clear that cybercriminals wanted to exploit the situation.

Microsoft observed a worldwide peak in Covid-19 based attacks in the first two weeks of March. That behaviour makes sense because it was at this time that most Governments were taking action. People's desire for help or information about the virus was exploitable. By the end of March, every country in the world had seen at least one Covid-19 based attack.

Malware attacks still the most seen attack

However, it's worth noting that despite the sharp rise in Covid-19 attacks, Malware attacks were still by far the most common form of attack. Malware campaigns, attack infrastructure, and phishing attacks all showed signs of this opportunistic behaviour.

The unique nature of the pandemic made cybercriminal’s job easier. They preyed on our concern, confusion, and desire for resolution. Malware was and still is the major cyber threat to a business.

Covid-19 attacks peaked with the virus

After peaking in early March, Covid-19 themed attacks settled into a “new normal”. These themed attacks are still higher than they were in early February and they are likely to continue as long as Covid-19 persists.

Cybercriminals have learnt to become very adaptive. There was no surprise they were going to target Covid-19 style information. Much like how they will continue to exploit poorly secured remote working setups.

Cybercrime in the UK

Attacks targeting the United Kingdom initially followed a similar trend to that of the global data. However, the UK then spiked earlier, appearing to be influenced by the news and concerns within the nation.

Data shows a first peak approximately at the first confirmed Covid-19 death in the UK, with growth beginning again with the FTSE 100 stock crash on March 9. The ultimate peak then came around the time the United States announced a travel ban to Europe.

The increased transparency of information on Covid-19 and warnings about cybercriminals lead to a drop until early April when it briefly peaked when Boris Johnson was in hospital. Again, the peak coincided with an area of grave concern and uncertainty with the country.

What the data can tell us

The Covid-19 outbreak has truly been a global event. Cybercriminals have taken advantage of the crisis to trick new victims using their existing malware threats. The data shows attacks appear to be highly correlated to local interest and news.

Overall, COVID-19 themed attacks are just a small percentage of the overall threats the Microsoft has observed over the last four months. So while you still need to be aware of them it shouldn't be at the cost of your IT security against malware attacks.

Using Microsoft's data these are the key observations to be aware of.

  • Cybercriminals adapt their tactics to take advantage of local events that are more likely to lure victims to their schemes. Those lures change quickly and fluidly while the underlying malware threats remain.
  • Security investment is best placed in cross-domain signal analysis, installing updates automatically, and user education. The Covid-19 themed attacks show that the threats your users face are constant on a global scale. Investments that raise the cost of attack or lower the likelihood of success are the best form of defence.
  • Focus on behaviours of attackers will be more effective than just examining indicators of compromise, which tend to be more signals in time than durable.

How can you know your protected?

The Government have backed a scheme called Cyber Essentials. This scheme sets out a framework for how a business should approach their cybersecurity. There are two levels, Cyber Essentials and Cyber Essentials Plus.

By gaining the Cyber Essentials accreditation you can you will not only have better peace of mind over your cybersecurity but you will also have a framework to continue to follow to help keep your business secure.


The agile nature of cybercriminals means your business needs to stay agile as well. Cyber Essentials is the Government's way of helping UK businesses stay secure.

Infotech Solutions can help you through the whole Cyber Essentials process and help you with any changes you might need to make to be able to pass. For more information on what Cyber Essentials can do for your business contact us here, email or call us on 01634 52 52 52.

contact us for information on becoming cyber essentials accredited

Join The Conversation

Please leave your comments below

Customer support

Recent Posts

Popular Posts