G DATA threat report: attacks without malware are increasing
Cyber criminals are attacking companies more and more. The decline in attacks in 2021 is deceptive, as the number of attacks was extremely high during the 2020 pandemic.
The current threat report from G DATA CyberDefense shows a significant decrease in the number of attack attempts averted in the first half of 2021 compared to the same period of the previous year. The reason for this is that attacks are no longer carried out with malware alone. The risk for companies remains high.
40 percent decrease according to statistics
The number of cyberattacks averted has decreased by more than 40 percent compared to the first half of 2020. This is confirmed by the current G DATA threat report for the first half of 2021 compared to the same period of the previous year. The sharp decline is also related to the extremely high numbers in 2020. In the second quarter of 2020 in particular, cyber criminals exploited people's uncertainty as a result of the coronavirus pandemic, which at the time led to a massive increase in the number of attacks averted (plus 156 percent). From the first to the second quarter of 2021, the decline is 15.6 percent. However, the current figures also confirm the trend that attackers continue to focus more and more on companies. While the number of averted attacks on private customers has fallen by almost 20 percent, the decline in the corporate environment is just under three percent.
“The time of large-scale attacks is over. Cyber criminals are increasingly targeting attacks on companies,” says Tim Berghoff, Security Evangelist at G DATA CyberDefense. “We assume that in the past year in particular, many companies fell victim to a cyber attack due to the hasty move to the home office, but have not noticed it yet.”
Targeted approach to attacks
Cyber criminals continue to exploit existing vulnerabilities for targeted attacks. In the first six months of the year in particular, various criminal groups actively exploited several major security gaps in Microsoft Exchange servers and infiltrated corporate networks.
Another example of how cyber criminals work is the so-called AMSI bypass. Attackers repeatedly try to bypass the Antimalware Scan Interface (AMSI) developed by Microsoft. AMSI normally lets security solutions scan the content that applications hand to it. However, malware authors use automated tools to try to turn this interface off or to find a way around it, especially in order to use fileless malware.
Malware Top 10: Remote Access Trojans in Abundance
As before, QBot is not only one of the most active, but also one of the most dangerous malware programs. The successor to Emotet was used in the majority of the current attacks in the first half of the year. The attackers gradually developed the original banking trojan into an all-purpose weapon for cyber criminals. Many Remote Access Trojans (RATs) are still active. Seven of the ten most active malicious programs belong to this group. RATs enable remote and administrative control of another computer without the user noticing. For example, attackers can view the victim's desktop, log keystrokes, access the camera, copy login information stored in browsers, or upload or download files.
The top 10 malware at a glance
- (3) Qbot Remote Access Trojan
- (2) njRAT Remote Access Trojan
- (1) Trickbot Malware Distributor
- (-) XRedRAT Remote Access Trojan
- (5) RemcosRAT Remote Access Trojan
- (-) Dridex information stealer
- (-) Tofsee Remote Access Trojan
- (-) Nanocore Remote Access Trojan
- (-) Musceador Trojan
- (10) AMRat Remote Access Trojan
(Previous year placement in brackets)
Malware-as-a-Service: Gootloader
A look at the current attack wave of the Gootloader malware family shows how cleverly cyber criminals have refined their attacks. The malware authors have further developed Gootloader so that it can download and install various malware. The attackers push their own pages up in search results through search engine poisoning. These look like legitimate pages, so that even tech-savvy users fall victim to this kind of deception.
“Companies should do their homework”
“Despite the falling numbers, there can be no talk of relaxation,” says Tim Berghoff. “Instead, companies should do their homework and secure their IT. Technical measures are important, but it is at least as important to train the workforce in dealing with dangers - by no means all risks consist solely of malware.”
About G DATA
With comprehensive cyber defense services, the inventor of the anti-virus enables companies to defend themselves against cybercrime. Over 500 employees ensure the digital security of companies and users. Made in Germany: With over 30 years of expertise in malware analysis, G DATA conducts research and software development exclusively in Germany. The highest standards of data protection are paramount. In 2011, G DATA issued a “no backdoor” guarantee with the “IT Security Made in Germany” seal of trust from TeleTrusT e.V. G DATA offers a portfolio ranging from anti-virus and endpoint protection to penetration tests and incident response to forensic analyses, security status checks and cyber awareness training to defend companies effectively. New technologies such as DeepRay use artificial intelligence to protect against malware. Service and support are part of the G DATA campus in Bochum. G DATA solutions are available in 90 countries and have received numerous awards.