How COVID-19 changed the malware: Four goals of cybercrime

2020 is a devastating year for most of the fields, with COVID-19’s impacts still lingering. The story of malware in 2020 then, has certain changes …

malware report in 2020

2020 is a devastating year for most of the fields, with COVID-19’s impacts still lingering. The story of malware in 2020 then, has certain changes that need to be addressed. What began as a global health crisis soon became a global economic crisis too, with almost no business left unscathed.

As the coronavirus’s very first outbreak in the city of Wuhan in China, cybercriminals started to see their chances to exploit. Criminals preyed on people’s fears mercilessly, with an avalanche of coronavirus phishing emails and scams.

If 2020 taught us anything, it must be the knowledge that cybercriminals stop for nothing.

The only form of business that seems to be left untouched, or otherwise, has been thriving in 2020 is the creation and operation of malicious software.

Key Takeaways of Malware in 2020

Malware Number

For its number, you can see that Malware detections on Windows business computers have decreased by 24% overall. Yet, detections for HackTools and Spyware on Windows increased dramatically by 147% and 24%, respectively.

Top 3 Threats

The top five threats for both businesses and consumers were:

  • The Microsoft Office software cracker KMS
  • The banking malware Dridex,
  • BitCoinMiners

Business detections for KMS and Dridex rose by 2,251% and 973%, respectively

Finally, the detections for the most notorious business threats Emotet and Trickbot fell this year by 89% and 68% respectively, although the operators behind these threats still pulled off several big attacks in 2020

The pace of innovation picked up in 2020 as many entirely new malware families emerged. Ransomware gangs continued to learn from each other too, with successful tactics spreading quickly between them. Perhaps the most important new tactic that emerged was “double extortion” which saw cybercriminal groups extorting more money with threats to leak sensitive data than from decrypting compromised computers.

Top 4 Cybercrime Goals in 2020

By observing trends in detections, attacks, and reporting throughout 2020, the company has identified four primary goals of cybercriminals during the pandemic.

Top 4 cybercrime goals in 2020

These goals often overlap and are not unique to this situation; however, we do not believe cybercriminals have ever enjoyed as much freedom to accomplish their wants, because in 2020, COVID-19 split the world – cybercriminals pounced, and the rest of the world scrambled.

Goal 1: Exploit Fear

The first goal involves utilizing fear, confusion, or any high emotion to get potential victims to click on links or open attachments. We have repeatedly seen this with past tragedies or world events, from the Boston bombing of 2013 to the 2016 US Presidential election. 2020 was no different, and COVID-19 made a nice hook for cybercriminals.

malicious phishing campaigns that fraudulently posed as requests from UNICEF

There were malicious phishing campaigns that fraudulently posed as health advisories, PPE order forms, and donation requests from charities, including UNICEF.

Gather Intel

In tandem with exploiting fear, cybercriminals sought to gather intelligence about targets. That meant deploying various information-gathering tools through malicious phishing attacks. During this time, threat actors leaned heavily on information stealers, Spyware, and tools that collected information about victims’ systems.

That intelligence gathering allowed cybercriminals to obtain a better understanding of the tools, types of access, and resources that employees relied on, especially after the shift to working from home (WFH).

In April, Google reported it was blocking 18 million spam emails related to COVID-19 per day!

Information gathering isn’t an effort specific to 2020, but it seemed critical in the first few months of the pandemic.


Every year, malicious tools get updated and upgraded, especially if the groups behind them find success in the cybercrime markets and have extra cash to reinvest in their tools. However, most of these upgrades are small increases in malware capabilities. Rarely do they surprise.

But, that changed in 2002, as we saw a waterfall of updates from some of the biggest malware names in the wild today.

There has been an increase in malicious spam posing as information regarding Zoom, Microsoft Teams, Slack, and other applications that employees began using more frequently

In addition, by mid-year, we saw malicious phishing email themes change away from COVID-19 messaging to messaging about the tools found through the information-gathering phase. This means that not only did malware get updated, but so did the tactics behind nabbing potential victims. For example, we saw an increase in malicious spam posing as information regarding Zoom, Microsoft Teams, Slack, and other applications that employees began using more frequently.


The final goal is likely the goal for every cybercriminal, all the time: Attack. In 2020, it took on new meaning. The increase in brute force attacks, combined with the deployment of customized intrusion tools, new exploits, and the use of sometimes commercial tools that are meant for penetration testing or identifying vulnerabilities in a network, allowed attackers to map out and infect networks faster than we have ever seen. These attacks against businesses, despite new techniques for infection – shared the same goal as most business-focused attacks in 2019, which was to launch network-wide ransomware infections.

As for the cybercrime goals to watch in 2021, expect much of the same. As employees hopefully return to the office and try to find normalcy, attackers will shift their tactics once again in order to improve their effectiveness against our defenses and weaknesses. But those predictions will have to wait until next year to be proven or disproven.