It turns out coronavirus malware wasn’t even that big a deal

(Image credit:

Although coronavirus-related cyberattacks received significant attention early in the pandemic, Microsoft believes the threat posed was largely overstated.

A new blog published by the Microsoft Threat Intelligence Protection Team outlines how the volume of malware threats detected worldwide did not vary significantly during the pandemic, and coronavirus malware accounted for “barely a blip" in the total volume recorded

Microsoft claims opportunistic malware and phishing attacks began after the World Health Organization (WHO) first started using the title “Covid-19” in February. These attacks peaked, however, in early March and have since settled into a consistently low cadence.

Coronavirus malware

According to Microsoft, cybercriminals are by nature opportunists; lures change frequently and fluidly, but the underlying malware remains consistent.

During the peak of the crisis, hackers deployed bespoke attacks in each territory, attaching malware campaigns to events of specific local concern.

In the UK, for example, coronavirus malware attacks peaked after the first confirmed death and again following the FTSE 100 crash and introduction of the US travel ban.

However, while the number of coronavirus-related cyberattacks spiked at various junctures, the overall number of cyberattacks shifted little from the usual rate, suggesting cybercriminals altered planned attacks rather than launching entirely new campaigns.

(Image credit: Microsoft)

“Covid-19-themed attacks are just a small percentage of the overall threats Microsoft has observed over the last four months,” reads the blog post. “Based on the overall trend of attacks it appears that the themed attacks were at the cost of other attacks in the threat environment.”

The best defence against the kinds of opportunistic, localized attacks identified over the past few months, according to Microsoft, is an emphasis on training end users how to spot phishing and social engineering attacks - as well as a commitment password best practices.

“Defender investment is best placed in cross-domain signal analysis, update deployment and users education...Investments that raise the cost of attack or lower the likelihood of success are the optimal path forward,” Microsoft noted.

Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.