Threat Report: Log4J vulnerability further exploited


Appearances are deceptive: although the number of cyber attacks is declining, cyber criminals are very active right now. The threat report confirms this. While Log4J is still under active attack, criminal actors are also using malware like Berbew, Neojitt, and FormBook to infiltrate organizations.

In mid-December 2021, the BSI issued a red alert for the Log4J (also known as Log4Shell) security vulnerability. Even then, the authority warned that cybercriminals were actively exploiting the vulnerability. Those fears are now coming true, as the current threat report from G DATA CyberDefense shows.

Targeted attacks on Log4J vulnerability

Instead of launching new waves of attacks, cybercriminals are currently carrying out targeted attacks on companies that they infiltrated via the security gap at the end of the year. At that time, the attackers installed backdoors unnoticed. They are now exploiting those backdoors to inject further malicious code into the network, in some cases even encrypting the data. Particularly dramatic: not all companies have closed this vulnerability yet, so they remain a potential target for cybercriminals. The attackers also have the appropriate tools to find and infiltrate these exposed systems.

Scan for the gap

"Unfortunately, the fears from the beginning of the year about exploiting the security gap in Log4J have come true," says Tim Berghoff, Security Evangelist at G DATA CyberDefense. "Because of the easy exploitability, criminals have compromised hundreds of thousands of systems in advance and have only recently started to monetize these infections, for example by installing ransomware. Those who installed the provided security update early should be on the safe side."

As in the second quarter, the number of new cyber attacks is declining. From the second to the third quarter of 2022, the number of attacks prevented fell by 13.7 percent. The number of repelled attacks on business customers fell by 7.5 percent from the second to the third quarter.

New ways of attacking the network

Cybercriminals are currently using the malware Berbew, Neojitt and FormBook to attack systems. Berbew is a Trojan that reads passwords and sends them to a remote web server. In addition, Berbew acts as a web proxy, allowing attackers to use the infected system as a relay for remote access to other systems. Cybercriminals distribute the Trojan via email as an attachment containing malicious code or via file-sharing programs.

FormBook is an infostealer that exfiltrates data from infected systems, such as login information cached in web browsers or screenshots. It also offers downloader functionality, allowing attackers to run malicious files on an infected system. FormBook is so popular because it is marketed on underground forums at a low price under a Malware-as-a-Service (MaaS) model.

No reason to give the all clear

Despite the declining numbers, IT security in Germany is in bad shape. Attackers consistently exploit security gaps to compromise companies. Inattentive employees also often open the door to the network for cybercriminals when they fall for phishing emails and open attachments containing malicious code or disclose access data on fake websites. Many companies still have some catching up to do here, both in terms of technical protective measures and when it comes to security awareness.

About G Data

With comprehensive cyber defense services, the inventor of antivirus enables companies to defend themselves against cybercrime. Over 500 employees ensure the digital security of companies and users. Made in Germany: With over 30 years of expertise in malware analysis, G DATA conducts research and software development exclusively in Germany. The highest standards of data protection are paramount. In 2011, G DATA issued a "no backdoor" guarantee with the "IT Security Made in Germany" seal of trust from TeleTrusT e.V. To defend companies effectively, G DATA offers a portfolio ranging from antivirus and endpoint protection, penetration tests and incident response to forensic analyses, security status checks and cyber awareness training. New technologies such as DeepRay use artificial intelligence to protect against malware. Service and support are part of the G DATA campus in Bochum. G DATA solutions are available in 90 countries and have received numerous awards.


 
