Cyberthreat spread trends: how the dynamics have changed during the pandemic
Posted: Sun Feb 02, 2025 7:21 am
ESET has presented the main trends in the spread of online threats during the first quarter of 2020. In particular, the number of detected dangerous websites containing malicious code or fraudulent content, as well as malware for cyberstalking, increased. At the same time, the activity of threats for hidden cryptocurrency mining and Android devices decreased.
Some of the changes in the world of cyberthreats are partly due to the situation with the COVID-19 pandemic. Cybercriminals have adjusted their strategies to profit from changes in people's lives and business operations. In particular, in March 2020, ESET specialists discovered a wave of fraudulent and malicious campaigns that used the topic of the pandemic as bait .
Loaders
In the first quarter of 2020, downloader activity decreased by a third, and the peak of this type of threat was recorded in February . This is due to the coronavirus outbreak and the exploitation of an atmosphere georgia number data of anxiety and tension among users by malware operators. In particular, attackers distributed malicious attachments with the theme of COVID-19 and directed attack vectors mainly to European countries.
Among the malware families, VBA/TrojanDownloader.Agent, which spreads via spam campaigns via malicious Microsoft Office files, topped the ranking in the first quarter. The spread rate of this threat was four times higher than VBS/TrojanDownloader.Agent, the second largest family of downloaders.
Banking malware
According to ESET telemetry, the number of detected banking malware increased in the first quarter of 2020. JS/Spy.Banker led the category, accounting for more than a third of all detected banking malware. This malware is used to steal victims’ banking details in browsers.
However, the most rapid growth was seen in the Win/Spy.Ursnif malware, which increased from almost 6% to 13% of banking software in the first quarter compared to the previous quarter. The threat specializes in stealing credentials and spreads via email via malicious links and attachments.
Ransomware
ESET specialists recorded an overall decline in ransomware distribution in the first quarter, with a peak in January. The most active ransomware families since the beginning of the year were WannaCryptor , Crysis , Sodinokibi, STOP, and Phobos, which lost positions in the ranking to each other during the quarter.
malware operators have been actively using new tactics. In particular, in addition to unwanted encryption of the victim's data, attackers have begun to steal users' confidential data and threaten to make it public if a ransom is not paid.
of 2020 was caused by the COVID-19 outbreak. Operators of some malware families (e.g. Maze, DoppelPaymer) made public statements promising not to attack healthcare organizations and not to worsen the pandemic situation.
Cryptominers
Some of the changes in the world of cyberthreats are partly due to the situation with the COVID-19 pandemic. Cybercriminals have adjusted their strategies to profit from changes in people's lives and business operations. In particular, in March 2020, ESET specialists discovered a wave of fraudulent and malicious campaigns that used the topic of the pandemic as bait .
Loaders
In the first quarter of 2020, downloader activity decreased by a third, and the peak of this type of threat was recorded in February . This is due to the coronavirus outbreak and the exploitation of an atmosphere georgia number data of anxiety and tension among users by malware operators. In particular, attackers distributed malicious attachments with the theme of COVID-19 and directed attack vectors mainly to European countries.
Among the malware families, VBA/TrojanDownloader.Agent, which spreads via spam campaigns via malicious Microsoft Office files, topped the ranking in the first quarter. The spread rate of this threat was four times higher than VBS/TrojanDownloader.Agent, the second largest family of downloaders.
Banking malware
According to ESET telemetry, the number of detected banking malware increased in the first quarter of 2020. JS/Spy.Banker led the category, accounting for more than a third of all detected banking malware. This malware is used to steal victims’ banking details in browsers.
However, the most rapid growth was seen in the Win/Spy.Ursnif malware, which increased from almost 6% to 13% of banking software in the first quarter compared to the previous quarter. The threat specializes in stealing credentials and spreads via email via malicious links and attachments.
Ransomware
ESET specialists recorded an overall decline in ransomware distribution in the first quarter, with a peak in January. The most active ransomware families since the beginning of the year were WannaCryptor , Crysis , Sodinokibi, STOP, and Phobos, which lost positions in the ranking to each other during the quarter.
malware operators have been actively using new tactics. In particular, in addition to unwanted encryption of the victim's data, attackers have begun to steal users' confidential data and threaten to make it public if a ransom is not paid.
of 2020 was caused by the COVID-19 outbreak. Operators of some malware families (e.g. Maze, DoppelPaymer) made public statements promising not to attack healthcare organizations and not to worsen the pandemic situation.
Cryptominers