COVID Does Not Spread to Computers

2022-02-12 05:06

Let's take a look at the number of droppers we observed in our MDR data and correlate it with other data we have regarding the intensity of COVID lockdown restrictions over time, Droppers are a good overall indicator of malicious activity, as they often indicate an early stage of an attack.

We observe a distinctive decrease in confirmed downloader activity in the months of November and December 2020 after the Trickbot botnet was taken down by law enforcement, and in January and February 2021, directly after Emotet was taken down.

There does appear to be a loose correlation between downloaders - which represent the start of the cyber kill chain - and confirmed ransomware activity - which represents the last phase of the kill chain, which is what one would expect.

In general, there appears to be an inverse correlation between the stringency of COVID lockdowns and the volumes of downloader activity.

The exception may be vacation periods, where it appears that attackers may step their activity up.

Law enforcement activity has a notable impact, but this appears to be short-lived because new actors and new tools tend to pop up after another one is taken down or some of its members arrested.

News URL

https://thehackernews.com/2022/02/covid-does-not-spread-to-computers.html