In its annual Consumer Threat Landscape Report, Bitdefender compiles the results of the data observed in its telemetry for the year 2021. Especially during the pandemic, cybercriminals took advantage of the moment and increased the dangers for users enormously
For 2021, the manufacturer could see little light and a lot of shadow. There were new negative records in almost all branches of cybercrime. Adding to this bleak outlook is a new front: unprotected digital identities, which through careless consumer behavior invite criminal activity from hackers.
Windows system remain important targets for cyber criminals
Of the numerous threats that have targeted Windows systems over the past year, five main categories have remained unchanged: Exploits, Trojans, ransomware, coin-miners, and potentially unwanted applications (PUAs). PUAs in particular seem to be popular in attacks on Windows systems. They account for a third of all threats targeting Windows systems. Macs have slightly fewer differences when it comes to malware. Trojans, potentially unwanted applications (PUA), adware and coin miners were analyzed on macOS. The vanishingly small proportion of ransomware at a full one percent creates a false picture. It obscures the fact that many solutions recognize a Trojan as the prelude to a larger attack right from the start. Trojans are the gateway to pave the way for subsequent payloads: such as ransomware, the hijacking of resources for cryptominers, or other malware.
Ransomware: Germany is the attackers' second most important target
🔎 Global distribution of ransomware attacks by country (Image: Bitdefender).
Solar Winds, the Colonial pipeline, Kaseya, and Brenntag are just a few of the big names involved in high-profile ransomware attacks. The extortionists favored industries with well-known companies and large critical infrastructures—key characteristics that indicate a victim is likely to pay the ransom. The US leads the way with 33% of attacks, followed by Germany with a whopping 12%. The blackmailers concentrated their activities primarily on countries that they considered to be profitable.
IoT devices remain a problem
The world of networked intelligent devices continues to pose major challenges for IT security. The risk of using them for DDoS attacks is particularly high. Neither the mobile industry nor the IoT ecosystem have significantly improved their security posture. This means that many of the problems from the past are still there: the operating systems of many devices have numerous security gaps and are difficult to update. Passwords are still preset and do not have to be reset. Apparently, IoT security is still not a priority for vendors. One trend seems to be catching on: popular usually means safe. This means that widespread devices from well-known manufacturers are on average more secure than niche products from small manufacturers.
Unprotected digital identities encourage criminal activity
Digital activity has reached an all-time high during the pandemic, with careless consumer behavior further obscuring the global cyber threat landscape. According to Bitdefender Digital Identity Protection telemetry, only 21% of users have a low-classification digital identity. At this level, only one to five pieces of data are disclosed online. 62% of users do not appear to be concerned about their data being disclosed. More than ten pieces of personal data are publicly available. Even though 17% of users occupy an intermediate position with five to ten data items available online, the global average of exposed data sets is 26 unique personal data items.
Despite the concerns that users have about privacy in the digital age, they are dropping their guard and willingly sharing personally identifiable information online.
Analysis of Bitdefender Digital Identity Protection telemetry data also shows that URLs (26%), job titles (21%) and physical addresses (20%) are among the most vulnerable types of personal data. These records are supplemented with a variety of additional personal information, including usernames, educational background, full names and email addresses, and date of birth.
Android security still needs improvement
With a 70% market share, Android dominates the mobile world, putting it at more risk than iOS, which is second at 27%. Official Android stores remain a key infection vector, despite their supposed inherent security. Coupled with OS fragmentation, one of the platform's biggest problems, it's easy to understand why Android faces so many threats every day and why criminals invest time and effort into developing new threats.
A good example is the TeaBot and FluBot campaigns, which have a global reach and use very different methods of organic distribution. Thus, TeaBot was distributed via fake apps, sometimes even hosted on official stores. The attackers went even further and bought advertising space in legitimate, widely used Android apps that pointed to malicious Trojans.
For example, a QR code reading app hosted on the Google Play Store was observed to spread 17 different TeaBot variants in a short period of time. Although Google has repeatedly removed numerous malicious apps from its official store, the damage had already been done. Samsung's official Galaxy Store was also used to distribute malware in the form of Showbox clone apps.
Reinforced on the move: Kryptominer
🔎 Global distribution of cryptominers (Image: Bitdefender).
The hijacking of resources by coin miners is becoming increasingly important. Hackers use numerous infection vectors such as disclosed information, potentially unwanted applications or even warez downloads. Regions that give the hackers rich booty in the form of sufficient computing power are the main areas of distribution. These include the USA with 26%, APAC with 10% and Eastern and Central Europe with 8%. The EU countries Italy, Denmark, France, Romania, Germany, Spain and Great Britain account for 34%.
2022 will be different? Maybe in certain areas
A look back at 2021 shows that the threat landscape is and will remain diverse. The spectrum ranges from annoying spam to dangerous malware and digital identity theft. Cyber criminals are extremely creative and are always looking for new ways to monetize hacks. Computing power, personal identities and ransoms have been the driving force behind many attacks. The annual overview for 2022 will certainly bring new insights. Because the war in Ukraine creates new opportunities for spam and phishing. And new motives.
More at Bitdefender.com
About Bitdefender Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently ensured excellent security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender technology is found in 38 percent of security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de