BLM, COVID-19 top themes for malware attacks, says new Infoblox report


Following a spike in fraud during the first half of this year, our Q3 Cyberthreat Intelligence Report finds that Black Lives Matter- and COVID-19-themed malware attacks are becoming increasingly prevalent. Cybercriminals are hijacking social movements to victimise companies by manipulating workers' emotions.

In many, perhaps most, of the threats uncovered in Q3, the attack succeeds only if the intended victim interacts with it, so attackers must build campaigns that convincingly deceive their targets. In almost all of the observed attack chains, the attackers enticed victims into clicking a malicious URL or opening a malicious file.


Following the money

The report highlights how financial information remains the primary aim of cyber attacks. For instance, a new variant of the Trickbot banking trojan uses the Black Lives Matter movement as a lure to get people to open a malicious email and its attachment, with the aim of stealing sensitive financial information. The North Korean cybercrime group Hidden Cobra is known for siphoning money to fund the heavily sanctioned North Korean regime, while APT 39 has been targeting citizens, dissidents, companies and academic institutions in Iran. It has also targeted foreign citizens, governments and organisations across the globe, predominantly in the travel, hospitality, academia and telecommunications industries.

These attacks also show that bad actors continue to target cloud apps, following the money trail as organisations migrate to the cloud. This underscores the need for companies to proactively secure their corporate assets and workers wherever they are.


Remote working expands the threat landscape

Remote workers require access to enterprise resources from a variety of endpoints, including both employer-provided and personal laptops, as well as a broad mix of mobile devices. However, many of the cybersecurity procedures and security controls used within enterprise facilities cannot provide the same level of security for remote locations. The enterprise security stack is far too complex to extend to remote work without significant changes, preparation and planning. The introduction of hybrid cloud environments to cater for remote working means the network security perimeter is expanding rapidly, and security needs to follow suit.

One potential solution to these challenges is to leverage DDI (DNS, DHCP and IP address management), a fundamental network service that every device already relies on, to automatically block the DNS lookups that many malware families depend on for delivery and command-and-control, and to automate threat response from the core to the network edge.
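To make the DNS side of that concrete, the following is an added example (not code from the report or from Infoblox products) of how a resolver applies a response policy of the kind a DDI platform or an RPZ feed distributes: queries for listed names are answered with NXDOMAIN or redirected to a sinkhole address, explicit allow rules override broader blocks, and every block produces an event a SOC pipeline can act on. The domain names, client addresses and the sinkhole address `10.0.0.53` are constructed for illustration and are not taken from the report.

```python
"""RPZ-style DNS policy evaluation and sinkholing.

Added example: rule patterns, query names and addresses below are
constructed for illustration; none come from the Infoblox report.
"""
from dataclasses import dataclass
from typing import Optional, List, Tuple, Dict

# Actions a policy-enforcing resolver can apply to a matching name.
NXDOMAIN = "NXDOMAIN"   # tell the client the name does not exist
SINKHOLE = "SINKHOLE"   # answer with a sinkhole address so the beacon can be observed
PASSTHRU = "PASSTHRU"   # explicit allow; overrides a broader wildcard block


@dataclass(frozen=True)
class Rule:
    pattern: str   # "bad.example" matches only that name, "*.bad.example" its subdomains
    action: str


class DnsPolicy:
    """Holds exact-name and wildcard rules and resolves the most specific match."""

    def __init__(self, rules: List[Rule]) -> None:
        self.exact: Dict[str, str] = {}
        self.wildcard: Dict[str, str] = {}
        for r in rules:
            name = r.pattern.lower().rstrip(".")
            if name.startswith("*."):
                self.wildcard[name[2:]] = r.action
            else:
                self.exact[name] = r.action

    def evaluate(self, qname: str) -> Optional[str]:
        """Return the action for qname, or None when no rule applies.

        The exact name wins over any wildcard; among wildcards the longest
        matching suffix wins, which is what lets a PASSTHRU on one host
        punch a hole in a wildcard block of its parent domain.
        """
        name = qname.lower().rstrip(".")
        if name in self.exact:
            return self.exact[name]
        labels = name.split(".")
        # Start at i=1: "*.bad.example" covers hosts under it, not bad.example itself.
        for i in range(1, len(labels)):
            suffix = ".".join(labels[i:])
            if suffix in self.wildcard:
                return self.wildcard[suffix]
        return None


def respond(policy: DnsPolicy, qname: str, upstream_answer: str,
            client_ip: str, sinkhole_ip: str = "10.0.0.53"
            ) -> Tuple[Optional[str], Optional[dict]]:
    """Apply the policy to one query.

    Returns (answer, event): the answer handed to the client (None for
    NXDOMAIN) and, for blocked queries, the event record that an automated
    response step could consume, e.g. to quarantine client_ip via DHCP.
    """
    action = policy.evaluate(qname)
    if action in (None, PASSTHRU):
        return upstream_answer, None
    event = {"client": client_ip, "qname": qname, "action": action}
    if action == NXDOMAIN:
        return None, event
    if action == SINKHOLE:
        return sinkhole_ip, event
    raise ValueError(f"unknown policy action {action!r}")


def run_demo() -> List[Tuple[str, Optional[str], Optional[str]]]:
    """Run constructed sample queries through a small policy and collect results."""
    policy = DnsPolicy([
        Rule("*.malware-lure.example", SINKHOLE),       # whole lure domain sinkholed
        Rule("cdn.malware-lure.example", PASSTHRU),     # shared CDN host explicitly allowed
        Rule("covid-updates.example", NXDOMAIN),        # pandemic-themed lure domain
    ])
    queries = [  # constructed traffic: (query name, upstream answer, client IP)
        ("payload.malware-lure.example", "203.0.113.10", "10.1.1.5"),
        ("cdn.malware-lure.example", "203.0.113.11", "10.1.1.6"),
        ("covid-updates.example", "203.0.113.12", "10.1.1.7"),
        ("intranet.corp.example", "192.0.2.1", "10.1.1.8"),
    ]
    results = []
    for qname, upstream, client in queries:
        answer, event = respond(policy, qname, upstream, client)
        results.append((qname, answer, event["action"] if event else None))
    return results


if __name__ == "__main__":
    for qname, answer, action in run_demo():
        print(f"{qname:32} -> {answer!s:14} {action or 'allowed'}")
```

The sinkhole action is usually preferable to NXDOMAIN for command-and-control domains: the infected host still connects, but to an address the defender controls, which both neuters the beacon and identifies the client that needs cleaning. The `event` returned for each block is the hook for the automation the paragraph above describes.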

Our report also observed that attackers are exploiting the widespread demand for information about the severity of the pandemic to lure victims in. Remote workers may easily fall victim to malware-laden links in online forums, on social media and on the compromised websites of small publications. These challenges will remain a constant threat, especially to remote users.