Trend Micro blocked nearly nine million COVID-related threats in the first half of 2020, the vast majority of which were email-borne, it revealed in a new mid-year roundup report.
The security giant said it detected 8.8 million cyber-threats leveraging the virus as a lure or theme for attacks, 92% of which were delivered by spam emails.
However, the figure represents less than 1% of the total of 27.8 billion threats the vendor blocked in the first six months of the year.
This chimes with data from Microsoft and others which suggests that cyber-criminals merely repurposed existing campaigns to take advantage of COVID-19. As such, the pandemic itself has not prompted a rise in overall cybercrime levels.
However, the data does show conclusively that email remains the number one threat vector: 93% of total blocked threats were heading for users’ inboxes.
As part of this trend, Business Email Compromise (BEC) detections increased by 19% from the second half of 2019. This is due in part to scammers trying to capitalize on distracted home workers who may be more exposed to social engineering, and less able to check with colleagues if a money transfer request is legitimate or not.
Ransomware is another serious cyber-threat commonly carried via email. Trend Micro claimed that, although the volume of detected threats decreased, it saw a 45% increase in new ransomware families compared to the same time last year.
Software vulnerabilities also remain a perennial risk for organizations. Trend Micro’s Zero Day Initiative (ZDI) published a total of 786 advisories in the first half of 2020, which is a 74% increase from the previous six months. Some of these were part of Microsoft Patch Tuesday updates, which have fixed an average of 103 CVEs per month so far in 2020.
The report also detailed a 16% increase in vulnerabilities disclosed in industrial control systems (ICS), compared to the first half of 2019.