The current threat analysis by G DATA CyberDefense shows that cyber criminals also massively attacked private users and companies in the second quarter. The number of cyber attacks increased by 154 percent in the second quarter. In May alone, G DATA registered more than twice as many attacks as in April.
"Cyber criminals continue to benefit from the Corona crisis and have made significantly more attempted attacks since the outbreak of the pandemic," says Tim Berghoff, Security Evangelist at G DATA CyberDefense. "Even if many employees have now returned to their office work from their home office, people spend a lot more time at the computer in their private lives, for example, to shop online or hire a delivery service for food. The attack surface has become significantly larger due to increased online usage."
Cyber criminals are increasingly targeting private users. The number of attacks averted increased by more than 157 percent in the second quarter compared to the first. But companies are also still under attack. The cyber security experts at G DATA recorded 136.3 percent more attempted attacks on company networks. In May in particular, attackers were very active and tried to cause damage with massive adware campaigns. From April to May alone, the number of malware detections more than doubled (plus 119.4 percent).
Adware - advertising through the back door
In May, the cyber defense specialists were able to identify several large adware campaigns and stop them from spreading further. Even if it does less damage than ransomware at first glance, users should not underestimate adware, because this malware collects personal data such as surfing habits, data that the backers monetize. The sharp increase is also due to the fact that the developers keep refining their adware technically. For example, they circumvent some antivirus programs or restrictions imposed by the operating system. Another reason: unlike malware such as ransomware, adware campaigns require no complex techniques to develop. The effort is minimal, the yield maximal.
Malware Top 10: New malware samples every second
In the first half of the year, cyber criminals further increased the pace and tried to hide their malicious code from antivirus solutions with packers at ever shorter intervals. In the first half of the year, the G DATA experts discovered more repackaged variants of some malware families than in the previous year as a whole. For Trickbot, the number has almost tripled. Every 6.5 minutes on average, the criminals published a new Trickbot sample and tried to infiltrate computers and networks. The remote access Trojan njRAT / Bladabindi already has as many new samples after 6 months as in the whole of last year. And Emotet, the cyber criminals' all-purpose weapon, was also very active at the beginning of the year before it got quieter in February.
The top 10 malware at a glance:
The top 10 malware families are dominated by Remote Access Trojans (RATs). Seven of the ten families are RATs, which enable remote and administrative control of a third-party computer unnoticed by the user. The possibilities of manipulation range from spying on passwords to reading confidential data to deleting the hard disk or encrypting files.
Qbot adopts Emotet behavior
A newcomer to the ranking is Qbot. This RAT is currently using an attack pattern that was previously only known from Emotet: the malware adds a new entry to an existing mail conversation so that the recipient trusts the authenticity of the message and clicks the link contained in the mail. This link leads to a hacked website from which further malware is downloaded into the company network. Qakbot has been known since 2007 and has steadily developed. Similar to Emotet, it has become an all-purpose weapon for cyber criminals. The original banking Trojan also has worm elements and is active as a credential stealer. Attackers use this to copy access data and misuse it.
Coinminer - The performance brake in the PC
G DATA also recorded high levels of coinminer activity in the first half of the year. Cyber criminals use the computing power of third-party computers to generate crypto currencies such as Bitcoin, Monero and Ethereum. More than 107,000 samples from different coinminer families were identified, one sample every 2.4 minutes on average. Coin mining is not a new cyber threat either; it has been known for several years. While the operator of the website or criminal intruders earn money with it, the users have to pay the increased electricity costs and use a computer with limited performance. Typical signs that a computer is being misused for mining are slow response times, unusual network activities or crashes and frequent restarts.
Conclusion: no trace of relaxation
Cyber criminals use a variety of methods to infiltrate company networks and private computers and misuse them for their own purposes. In doing so, they often take the path of least resistance and exploit loopholes in operating systems or applications. "Humans are still a gateway for attacks when they click on links in phishing emails or open attachments that contain malicious code," warns Tim Berghoff. "Up-to-date endpoint protection is therefore only half the battle in the fight against cyber attacks. Just as important are attentive employees who recognize such dangers and report phishing attempts."
More on this at G Data.de