G DATA threat analysis 2020


G DATA threat analysis 2020: Cyber attacks every second. The number of cyberattacks averted rose by more than 85 percent from the first to the second half of the year.

The pandemic remains a festival for criminals - they take advantage of people's uncertainty for attacks. According to the current threat analysis by G DATA CyberDefense, the number of attack attempts averted rose by 85 percent in the second half of 2020. Cyber criminals released 76 new versions of malware every minute last year. Security gaps such as Shitrix and Sunburst also served the attackers well for their malicious activities.

Current threat analysis

The risk of cyberattacks also increased significantly in the past year. The current threat analysis by G DATA CyberDefense shows that the number of attack attempts averted increased by more than 85 percent within six months, from the first to the second half of 2020. The number of attacks prevented almost doubled from the second to the third quarter; in the fourth quarter, the number of attacks fell slightly.

"We assume that in the past year numerous companies fell victim to an attack due to the hasty move to the home office - but have not yet noticed this," says Tim Berghoff, Security Evangelist at G DATA CyberDefense. "Cyber criminals continue to mercilessly exploit any weakness in IT security. Critical security gaps, missing updates or careless employees are usually the beginning of a successful attack. And the current uncertainty among people is accelerating the development considerably."

Old malware in a new guise

It is noticeable that cyber criminals rely on proven malware, some of which has been in use for several years but is constantly being developed further. The following number shows how great the danger is: G DATA's cyber defense experts discovered more than 16.1 million different malware samples. That is an increase of 228.6 percent over the previous year. Every day, an average of 44,135 new malware samples threaten IT systems in Germany. That means cyber criminals published 76 new versions of malware every minute.

For the first time, Emotet, cybercrime's all-purpose weapon, was ahead not only in terms of danger but also in terms of the number of samples used: a total of 888,793 different versions. In the entire previous year there were only 70,833 samples - an increase of 1,154.8 percent. Emotet was largely inactive in the first half of the year, so only 27,804 new samples appeared in this period. More than 860,000 versions come from the second half of the year. In other words: the criminals published three new variants every minute. Emotet acts as a door opener and gives cybercriminals access to IT networks. The malware automatically loads other malicious programs such as Trickbot and Ryuk in order to spy out further access data and encrypt the system.

The top 10 malware at a glance

| Rank (previous year's placement) | Name | Variants | Type |
|---|---|---|---|
| 1 (6) | Emotet | 888,793 | Malware distributor |
| 2 (-) | QBot | 98,800 | Remote Access Trojan |
| 3 (-) | Urelas | 64,136 | Downloader |
| 4 (2) | njRAT | 63,969 | Remote Access Trojan |
| 5 (10) | NanoCore | 52,736 | Remote Access Trojan |
| 6 (-) | Trickbot | 50,043 | Malware distributor |
| 7 (-) | AgentTesla | 47,739 | Information stealer |
| 8 (-) | RemcosRAT | 43,902 | Remote Access Trojan |
| 9 (-) | Dridex | 43,563 | Malware distributor |
| 10 (7) | Shifu | 36,892 | Banking Trojan |

Cybercrime remains dynamic

How dynamically cybercrime is developing can be seen from the fact that six of the ten threats are new to the overview. QBot and Urelas follow far behind Emotet. QBot is currently using an attack pattern that was previously known only from Emotet: the attackers send a fake reply to an existing mail conversation. For the recipient, this fake email can hardly be distinguished from a legitimate message, so the victims open the email attachment or click on the link. Originally a banking Trojan, QBot also has worm elements and is active as a credential stealer to copy user login data. Thus, QBot is also an all-purpose weapon for cyber criminals. Third place in the malware top 10 goes to the downloader Urelas, which attackers use to download additional malware as soon as they have infiltrated a system.

The king is dead - long live ... yes, who?

A lot of movement can be expected in 2021, especially in the area of these digital door openers, because at the end of January there was an internationally coordinated strike against the operators of Emotet, which for years was dubbed the 'king of malware'. Large parts of the infrastructure behind Emotet were put out of action - with technical support from G DATA, among others. At least in the medium term, this should leave a gap in the underground market, which other groups of perpetrators are now trying to fill.

Gaps with serious consequences

However, it is not only well-camouflaged malware that opens the door to private computers or corporate networks for attackers. As every year, numerous security gaps in applications and operating systems make it easy for attackers to infiltrate IT systems. Two of the largest are mentioned here as representative: Shitrix and Sunburst. Shitrix was one of the most dangerous vulnerabilities of recent years: it made it possible to run any application remotely on Citrix ADC and was therefore classified as highly critical. In Germany alone, more than 5,000 companies were at risk, including operators of critical infrastructures such as hospitals, energy suppliers and authorities.

At the end of the year, government agencies and private companies discovered that their networks had been compromised. The origin lay in the network management software from the manufacturer SolarWinds. Over the course of months, criminals had been putting individual components together to create spy software that was firmly integrated into the network administration software. The infected software updates did not arouse suspicion and were installed in numerous companies around the world. The attacks were mainly concentrated in the USA, but there were also vulnerable systems in Germany.

Digitization boost helps attackers

"The fight against cybercriminals requires decisive action from companies and private users," says Tim Berghoff. "Cyber criminals are also taking advantage of the current digitization push and are stepping up their attack efforts. They also rely on automated attacks to infiltrate networks. Anyone who does not invest in IT security now is frivolously gambling away their digitization dividend."

Companies have to prepare for ever more sophisticated attacks, because with Malware-as-a-Service, criminals carry out complex attacks that are difficult to defend against. This requires not only modern endpoint protection, but also attentive employees who can nip attempted attacks in the bud by acting carefully.

More on this at GData.de

 


About G Data

With comprehensive cyber defense services, the inventor of the anti-virus enables companies to defend themselves against cybercrime. Over 500 employees ensure the digital security of companies and users. Made in Germany: With over 30 years of expertise in malware analysis, G DATA conducts research and software development exclusively in Germany. The highest standards of data protection are paramount. In 2011, G DATA issued a "no backdoor" guarantee with the "IT Security Made in Germany" seal of trust from TeleTrusT e.V. G DATA offers a portfolio ranging from anti-virus and endpoint protection to penetration tests, incident response, forensic analyses, security status checks and cyber awareness training to defend companies effectively. New technologies such as DeepRay use artificial intelligence to protect against malware. Service and support are part of the G DATA campus in Bochum. G DATA solutions are available in 90 countries and have received numerous awards.


 
