Positive Technologies unveiled its Cybersecurity
Threatscape Q1 2021 research report, which finds cyber incidents
continue to rise, ransomware accounts for nearly two-thirds of all malware
attacks, and more cybercriminals are customizing malware for attacks on virtual
infrastructure.
The quarterly report shares information on relevant global
cybersecurity threats, with data based on Positive Technologies expertise and
investigations, as well as data from authoritative sources, produced for
companies and citizens concerned with the state of information security. It
looks at the key motives and methods of cyberattacks and highlights changing
trends in the cyberthreat landscape.
According to the research, the number of attacks increased
by 17% compared to Q1 2020, with 77% being targeted attacks and incidents
involving individuals accounting for 12% of the total. Cybercriminals attacked government
institutions, industrial companies, scientific organizations, and educational
institutions the most. Their main targets are personal data and credentials,
and attacks on organizations are also aimed at stealing commercial secrets.
The research shows that ransomware remains the most common
malware. Its share, among other malware used in attacks on organizations,
increased by seven percentage points compared to Q4 2020, now accounting for
63% of all malware. The report also finds that Q1 saw several new pieces of
ransomware emerge, for example Cring, Humble, and Vovalex. WannaCry, which made
a name for itself in 2017, is also reported to be running rampant again.
Positive Technologies analyst Yana Yurakova said: "Malware
developers keep looking for new ways to bypass security tools. They're using
unpopular programming languages to fly under the radar, as in the case of BazarBackdoor
(a remote access tool), which was rewritten in Nim. The operators of Vovalex
and RobbinHood (ransomware programs) chose uncommon languages such as D and Golang,
respectively, from the get-go. Some attackers upgrade their tools with features
that erase traces of malicious activity."
The report also finds that the ransom amounts demanded by
ransomware operators continue to grow and that, because some companies
refuse to pay, attackers are coming up with new extortion tactics. For example,
they threaten to report the attack and data theft to a victim's customers, expecting that the
customers will persuade the company to pay a ransom to prevent the disclosure
of their personal data.
More and more cybercriminals are developing malware to
conduct attacks on virtualization environments, and some are aggressively
trying to exploit vulnerabilities already found in software for deploying
virtual infrastructure. The experts link this primarily to the global process
of moving corporate IT infrastructure into a virtual environment.
Dmitry Serebryannikov, Director of Security Analysis,
Positive Technologies, said: "Attackers carefully monitor information
about new vulnerabilities and try to find a use for these in their attacks as
soon as possible. In early 2021, Positive Technologies researchers helped
eliminate several critical vulnerabilities in VMware products, including CVE-2021-21972
in vCenter Server, which allowed remote code execution. After the vendor's security
updates appeared in early February and the bulletin was published, Bad Packets
researchers discovered multiple network scans conducted to find vulnerable
hosts. We strongly recommend
installing the security updates as soon as possible."
The research also finds the number of attacks targeting IT
companies remains consistently high for the second quarter in a row. In 15% of
cases during Q1 2021, hackers targeted IT companies to conduct an attack on
their customers or to steal customer data. At the beginning of 2021, there were
still reports in the media about new victims of the attack on SolarWinds.
Access a full copy of the report here: https://www.ptsecurity.com/ww-en/analytics/cybersecurity-threatscape-2021-q1/.