Ransomware, cryptocurrency fraud, and fleeceware are some of the most common cyber attacks. Avast analyzes the top cyber threats of 2021.
In 2021, cyber criminals continued to exploit new digital habits such as online shopping or video conferencing, which many people developed during the COVID-19 pandemic. A study by Avast (LSE: AVST), a leading global provider of IT security and privacy solutions, shows that the most common cyber threats of 2021 include ransomware and cryptocurrency malware and fraud. When it comes to mobile applications, adware and fleeceware are among the top threats.
Ransomware, cryptocurrency malware and scams
"The pandemic has changed almost every area of our lives - including the cyber world," says Michal Salat, Director of Threat Intelligence at Avast. “The attackers' methods are becoming more and more sophisticated. For example, cyber criminals are using techniques that make it difficult for users to discover them and are increasingly launching personalized cyber attacks. They are also developing new variants of proven techniques, particularly in the case of social engineering attacks such as fraud. "
Ransomware attacks hit businesses
Ransomware attacks were also a major topic in 2021, with companies like Kia Motors, MediaMarkt, Saturn, Colonial Pipeline Company and managed service provider Kaseya being infected. Avast compared the development in the first five months of the year (January to May) with the figures for the past five months (June to October) and observed a 38 percent increase in ransomware attacks on consumers in Germany. The number of attacks on companies also increased in the last five months of the year (June to October): the probability of a ransomware attack increased by 27 percent compared to January to May.
Sextortion, package delivery, and tech support scams
Online communication and shopping, which was booming during the pandemic, became the ideal gateway for fraud and phishing attacks in 2021. Earlier this year, Avast experts saw a spate of sextortion cases, of which over 500.000 were blocked. The cyber criminals took advantage of the increased use of video conferencing services during the Covid 19 pandemic and pretended to have accessed a user's device and camera. In several countries, users also received SMS messages with a reference to the FluBot banking Trojan: FluBot pretends to be a parcel deliverer in order to steal login data and other personal data. Cybercriminals tricked other users into believing that their computer was infected with malware. To fend off this, they should call a telephone hotline for technical support, which in reality was not necessary.
Phishing scams are on the rise
Phishing scams also continued to increase in 2021. The probability of falling victim to such an attack rose by 37 percent for companies in Germany (June to October) and by 12 percent for consumers. The latter remained the main target of phishing scammers: their average risk rate this year was 5,59 percent, more than twice as high as the rate for business customers (2,16 percent).
Cryptocurrency-targeted scams and malware
In addition, the Avast Threat Labs team identified a multitude of new threats in 2021 that aim to enrich themselves in cryptocurrencies at the expense of users. The top threats worldwide included Crackonosh and BluStealer. Crackonosh, a malware used to mine cryptocurrencies, was found in hacked versions of large games. BluStealer combines a keylogger, a document uploader and a cryptocurrency thief into a single malware that - like FluBot - used online orders during the pandemic to spread dangerous spam emails (malspam).
In addition to Crackonosh and BlueStealer, the Avast analysts also found malware that taps into cryptocurrencies and was distributed via HackBoss, a Telegram channel. At the time of discovery, cybercriminals had stolen over $ 560.000 in this way.
Mobile device threats continue to spread
According to Avast analyzes, the world's greatest threat to Android phones and tablets is still adware. Worldwide, 54,7 percent of the mobile threats identified between January and September belonged to this category. In second place were fake apps with 10 percent, in third place banking Trojans with 9,6 percent, followed by downloaders with 7,5 percent and spyware with 2,3 percent.
Fleeceware apps in particular became a problem for users in 2021. Avast discovered more than 200 new fleeceware applications in the Apple App Store and the Google Play Store. These apps promise free trials, but end up collecting hundreds of euros from their users with the help of subscription services. Recently, Avast also came across fraudulent websites posing as national postal services from various European countries, including retail stores from the Czech Republic, Russia, Sweden and Ukraine.
Almost 20.000 dangerous Android apps
In 2021, however, it was not just cybercriminals who became the threat. In early September, Avast experts found over 19.300 Android apps revealing user data due to an incorrect configuration of the Firebase database, an Android tool that developers can use to store user data. This affected a wide range of different apps worldwide, including lifestyle, fitness, games, food delivery and mailing apps. Personal information such as names, addresses, location data and in some cases even passwords were disclosed.
Cyber criminals target all users
Cyber criminals have kept many of their tricks this year, says Michal Salat. “They use social engineering to spread malware and get users' money. They abuse technology like stalkerware to invade people's privacy. Or they induce endangered target groups to pay for fleeceware apps or unnecessary technical support, ”summarizes the Avast malware expert. “In general, we are seeing an increase in online threats that affect the way people experience the digital world. Everyone is targeted - from consumers to hospitals and oil pipelines to food companies around the world. With our investigations, we want to raise awareness of the current digital threats and prevent people from falling victim to cyberattacks in 2022. "
More at Sophos.com
About Avast Avast (LSE: AVST), a FTSE 100 company, is a leading global provider of digital security and privacy products. Avast has over 400 million online users and offers products under the Avast and AVG brands that protect people from threats from the Internet and the evolving IoT threat landscape. The company's threat detection network is one of the most advanced in the world, using technologies like machine learning and artificial intelligence to detect and stop threats in real time. Avast's digital security products for mobile, PC or Mac have been top-rated and certified by VB100, AV-Comparatives, AV-Test, SE Labs and other test institutes.