Wednesday, December 29, 2021

Calm before the storm: the number of cyberattacks decreases in the third quarter of 2021
28 December 2021


It seems like malicious actors are giving companies a second to breathe freely. This quarter, analysts recorded an overall decrease in cyberattacks compared to Q2 2021, but the number of threats targeting individuals increased, according to the report by Positive Technologies.

On December 23, Positive Technologies released their Cybersecurity Threatscape: Q3 2021 report, overviewing the latest attack vectors and trends. The overall share of cyberattacks decreased by 4.8% in the third quarter of 2021, but a small tendency towards an increase in attacks targeting individuals also became evident, rising from 12% last quarter to 14%.

Such results can be attributed to two factors. The first has to do with the decrease in ransomware incidents - this tendency is described by the report as a “rapid decline.” As such, ransomware peaked in April with 120 attacks recorded and was down to 45 in September - an overall 65% decline. Threat actors mostly targeted government, healthcare, scientific and educational institutions, with REvil, LockBit 2.0, and Conti at the cybercriminal forefronts.

The second reason concerns the departure or rebranding of some major ransomware groups. As such, REvil joined DarkSide to form the BlackMatter ransomware group after international cooperation caused their servers to shut down.

“So many ransomware groups rebranded around the same time this July, and now we see the results of that. I imagine all these new groups are going to want to establish themselves and potentially increase targeting, activity, and increase the level of attack against larger organizations to rebuild that name,” Alec Alvadaro, threat intelligence manager at the digital risk protection company Digital Shadows, said during the webinar in September.

Later in November, the group announced that the new project was being canceled following rising pressure from authorities. Although, many experts saw it as simply another rebranding campaign.

“Taking these factors into account, it is likely this is yet another ransomware group pretending to shut down when in reality it is just a rebrand and launch of a new, improved version sometime soon in the future,” Peter Mackenzie, the Director of incident response at cybersecurity company Sophos, told CyberNews.

Attacks against individuals accelerate

Although the overall state of cybercrime is slightly less daunting in Q3 of 2021 than Q2, attacks against individuals are on the rise. Most of the attacks targeted people (83%), computers or network equipment (39%), and mobile devices (20%.) Overall, 62% of all attacks against individual users resulted in data leaks. Threat actors were primarily interested in credentials (42%), personal data (21%), and payment card information (15%.)

There was an evident increase in the use of Remote Access Trojan (by 2.5 times) and loaders (by 2.2 times) against individual users. Out of the RATs and loaders, the report highlights the FatalRAT Trojan, which is distributed via malicious links in the Telegram messenger, and MosaicLoader, disseminated through ads and targeting users looking for pirated versions of software.

The number of attacks against individual users via social engineering tactics has also increased - up from 67% in Q3 2020 to the current value of 83%. In comparison, the number of social engineering incidents involving organizations plummeted from 47% in Q3 2020 to 41%. Other popular attack tools on individuals were malware (51%) and hacking (11%.) Malware was mainly distributed via websites (34%), email (19%,) and compromised computers (16%.)
Attacks against organizations drop slightly

Unlike with individuals, the number of targeted attacks against companies has declined from 77% in Q2 to 75% in Q3. Targets in this segment included computer networks (75%,) people (41%,) and web resources (21%.) The most popular methods used were malware (51%,) social engineering (41%,) and hacking (33%.)

Among organizations, various industries were targeted, but the government (21%,) healthcare (12%,) and manufacturing sectors (9%) were especially of interest to criminals. According to the report, the most notable attacks on the state agencies were the hit on the Greek city of Thessaloniki, which paralyzed its most critical IT systems, and on the Italian region of Lazio, which also resulted in disruption to its IT infrastructure.

Overall, incidents resulted in sensitive data leaks (45%,) disruption to activities (38%,) and financial losses (24%.)

While there is a popular misconception that only big firms are of interest to threat actors, it is not the case. Small companies often present more opportunities to cybercriminals, as they have fewer resources to invest in cybersecurity. As such, the Verizon Business Data Breach Investigation Report (DBIR) showed that SMEs were at a high risk of data breaches and cyberattacks during the COVID-19 pandemic. And the trend is unlikely to slow down.

While it seems like there is a slight improvement in the number of attacks this quarter, such values constantly change and depend on a variety of factors. To stay safe, it is important to maintain proper cybersecurity hygiene, implement security measures, and not let your guard down.

No comments: