Group-IB, a global threat hunting and intelligence company, evidenced the transformation of the threat portfolio over the first half of 2020. It came as no surprise that web-phishing targeting various online services almost doubled during the COVID-19 pandemic: it accounted for 46% of the total number of fake web pages. Ransomware, the headliner of the previous half-year, walked off stage: only 1 percent of emails analyzed by Group-IB’s Computer Emergency Response Team (CERT-GIB) contained this kind of malware. Every third email, meanwhile, contained spyware, which is used by threat actors to steal payment data or other sensitive info to then put it on sale in the darknet or blackmail its owner.
In the first six months of 2020, CERT-GIB blocked a total of 9 304 phishing web resources, which is an increase of 9 percent compared to the previous year. The main trend of the observed period was the two-fold surge in the number of resources using safe SSL/TLS connection — their amount grew from 33 percent to 69 percent in just half a year.