McAfee Report Shows Threat Actor Evolution During Pandemic


McAfee, the device-to-cloud cybersecurity company, today released its McAfee COVID-19 Threat Report: July 2020 examining cybercriminal activity related to COVID-19 and the evolution of cyber threats in Q1 2020. McAfee Labs saw an average of 375 new threats per minute and a surge of cybercriminals exploiting the pandemic through COVID-19 themed malicious apps, phishing campaigns, malware, and more. New PowerShell malware increased 688 percent over the course of the quarter while total malware grew 1,902 percent over the past four quarters. Disclosed incidents targeting the public sector, individuals, education and manufacturing increased; nearly 47 percent of all publicly disclosed security incidents took place in the United States.

“Thus far, the dominant themes of the 2020 threat landscape have been cybercriminals’ quick adaptation to exploit the pandemic and the considerable impact cyberattacks have had,” said Raj Samani, McAfee fellow and chief scientist. “What began as a trickle of phishing campaigns and the occasional malicious app quickly turned into a deluge of malicious URLs and capable threat actors leveraging the world’s thirst for more information on COVID-19 as an entry mechanism into systems across the globe.”

Each quarter, McAfee assesses the state of the cyber threat landscape based on in-depth research, investigative analysis, and threat data gathered by the McAfee Global Threat Intelligence cloud from over a billion sensors across multiple threat vectors around the world.


McAfee researchers found it is typical of COVID-19 campaigns to use pandemic-related subjects including testing, treatments, cures, and remote work topics to lure targets into clicking on a malicious link, downloading a file, or viewing a PDF. To track these campaigns, McAfee Advanced Programs Group (APG) has published a COVID-19 Threat Dashboard, which includes top threats leveraging the pandemic, most targeted verticals and countries, and most utilized threat types and volume over time. The dashboard is updated daily at 4 p.m. ET; more information can be found at the McAfee APG COVID-19 Threat Dashboard.

“Cybersecurity cannot be solved by cookie-cutter approaches; each organization is unique and has specific intelligence requirements and objectives,” said Patrick Flynn, head of McAfee APG. “The McAfee COVID-19 Threat Dashboard utilizes data to create true analyzed intelligence, which allows users to understand the total threat environment, informing them of potential threats before they are weaponized.”


Over the course of the first quarter of 2020, McAfee Advanced Threat Research (ATR) observed malicious actors focus on sectors where availability and integrity are fundamental, for example, manufacturing, law and construction firms.

“No longer can we call these attacks just ransomware incidents. When actors have access to the network and steal the data prior to encrypting it, threatening to leak if you don’t pay, that is a data breach,” said Christiaan Beek, senior principal engineer and lead scientist. “Using either weakly protected Remote Desktop Protocol or stolen credentials from the underground, we have observed malicious actors moving at lightspeed to learn the network of their victims and effectively steal and then encrypt their data.”

New ransomware declined 12 percent in Q1; total ransomware increased 32 percent over the past four quarters.


Malware overall. New malware samples slowed by 35 percent; total malware increased 27 percent over the past four quarters. New Mac OS malware samples increased by 51 percent.

Mobile malware. New mobile malware increased by 71 percent, with total malware growing nearly 12 percent over the past four quarters.

Regional Targets. Disclosed incidents targeting the Americas increased by 60 percent, incidents targeting Asia-Pacific increased 27 percent, while Europe decreased seven percent.

Security incidents. McAfee Labs counted 458 publicly disclosed security incidents, an increase of 41 percent from Q4. 50 percent of all publicly disclosed security incidents took place in North America, followed by nine percent in Europe. Nearly 47 percent of all publicly disclosed security incidents took place in the United States.

Vertical industry targets. Disclosed incidents targeting the public sector increased 73 percent, individuals increased 59 percent, education increased 33 percent, and manufacturing increased by 44 percent.

Attack vectors. Overall, malware led disclosed attack vectors, followed by account hijacking and targeted attacks.

Cryptomining. New coinmining malware increased by 26 percent. Total coinmining malware samples increased by nearly 97 percent over the past four quarters.

Fileless malware. New JavaScript malware declined nearly 38 percent, while total malware grew nearly 24 percent over the past four quarters. New PowerShell malware increased by 689 percent; total malware grew 1,902 percent over the past four quarters.

IoT. New malware samples increased by nearly 58 percent; total IoT malware grew 82 percent over the past four quarters.