That cybercriminals are taking advantage of the global coronavirus pandemic is well known and not surprising, but a new Microsoft study provides a deeper glimpse into their behavior.

According to Microsoft, cybercriminals' exploitation of the coronavirus crisis peaked in early March, but then declined sharply, reaching a stable baseline in early April.

According to insights from Microsoft's Threat Defense Intelligence team, cybercriminals launched an opportunistic campaign when the World Health Organization revealed the Covid-19 pandemic on February 11.

"In the week following that declaration, these attacks increased 11-fold," the report states.

"While this was less than 2 percent of the total attacks Microsoft was receiving each month, it was clear that cybercriminals were looking to take advantage of the situation. People around the world were aware of the outbreak and were actively seeking information and solutions to combat it."

In early March, when many countries around the world began implementing lockdown measures to contain the spread of the infection, the number of Covid-19 attacks peaked at that point, according to Microsoft.

While online fraudsters are taking advantage of the global pandemic to launch effective attacks, the company says that the overall trend of malware detected worldwide, whether related to the coronavirus or not, does not change significantly during this period, with threats typically seen during a month It was a small fraction of the total volume, according to the company.

Interestingly, hackers did not reinvent the wheel when deploying attacks during this period. [Looking through Microsoft's extensive threat intelligence on endpoints, email, data, identities, and apps, this spike in Covid-19-themed attacks is the result of known attackers using existing infrastructure and malware, with new lures It was concluded that the attacks were re-purposed using.

Calling the attacks "opportunistic," Microsoft said they targeted key industries and those working on the pandemic, preying on people's concerns, confusion, and desire for solutions.

"Cybercriminals are highly adaptive and are always looking for the best and easiest way to acquire new victims. Commodity malware attacks, in particular, look for the method that offers the greatest risk/reward," Microsoft explained.

"While the industry may focus on advanced attacks that exploit zero-day vulnerabilities, for more and more people every day, the greater risk is being forced to run unknown programs or Trojanized documents."

In the report, the researchers focused on the U.S., U.K., and South Korea; while the Covid-19 attacks peaked in all three countries at the same time, the perpetrators tailored their attacks to different regional headlines around the world. [In the UK, for example, attacks spiked after the first coronavirus death was announced and when Prime Minister Boris Johnson was admitted to the intensive care unit with the virus.

Microsoft said, "Organizations should further improve their security posture by educating end users about spotting phishing and social engineering attacks and practicing credential hygiene.