In the first quarter of 2020, 22.5% more cyber attacks were detected than in the fourth quarter of 2019.
Positive Technologies experts analyzed cyber attacks in the first quarter of 2020 and found that the number of cyber incidents increased significantly compared to the previous quarter, about 13% of phishing attacks were related to COVID-19 and more and more encryption operators demand ransom for non-disclosure of stolen information .
According to the study, in the first quarter of 2020, 22.5% more cyber attacks were detected than in the fourth quarter of 2019. During the quarter, 23 APT groups showed high activity, the attacks of which were aimed mainly at government agencies, industrial enterprises, the financial industry and medical organizations.
As the analysis showed, more than a third (34%) of all attacks against legal entities using malware were attacks by encryption trojans. Experts note that some cryptographic operators have created their own sites on which they publish files stolen from victims in case of refusal to pay a ransom. Every tenth attack by cryptographers was aimed at industry. At the same time, at the beginning of the year, the attention of many cybersecurity specialists was attracted by the new Snake cryptographer, which can remove shadow copies and stop processes associated with the operation of industrial control systems.
Specialists note that the relevance of malware infection is growing. At the same time, cybercriminals are not limited to one type of malware: they use multifunctional trojans or download a whole bunch of various malicious programs onto compromised devices. To prevent infection, experts recommend checking email attachments for malicious activity using sandbox class solutions .
Compared to the last quarter of last year, the proportion of attacks on government agencies using malware (81% versus 66%) and social engineering methods (79% versus 66%) increased significantly. According to Positive Technologies experts, the epidemic situation could have contributed to this: many attackers sent letters with malicious attachments on the topic of coronavirus infection to government agencies in different countries.
“ Attackers picked up the topic of general concern about the pandemic and began to use it for phishing emails ,” said Positive Technologies analyst Yana Avezova . – According to our estimates, about 13% of all phishing emails in the 1st quarter were related to the topic COVID-19. Slightly less than half of them (44%) came from individuals, and every fifth newsletter was sent to government organizations . ”
“ Our experts have recorded an increase in the number of phishing mailings on the topic COVID-19 since the second half of January ,” says Alexey Novikov, director of Positive Technologies (PT Expert Security Center) . – The epidemic was used both for conducting massive malicious campaigns and for complex targeted attacks (APT attacks). Under the guise of official information on infection statistics, preventive measures, and a vaccine distributed allegedly on behalf of government bodies and medical institutions, malware from Emotet, Remcos, AZORult, Agent Tesla, LokiBot, TrickBot, and many other Trojans spread in the first quarter. TA505 groups sent out emails with malicious attachments about the epidemic “, Hades, Mustang Panda, APT36, SongXY, as well as the South Korean group Higaisa .”
[*] Sandbox – a solution that allows you to run a file in an isolated virtual environment and analyze its behavior for malicious activity. Both mass and targeted attacks are better managed by sandboxes with customization of environments.