G DATA threat analysis: further doubling of cyber attacks in the third quarter. Attackers are still taking advantage of the corona pandemic to attack companies and private users.
In the third quarter of the year, the cyber defense specialists from Bochum had to fend off almost twice as many cyber attacks as in the second quarter of 2020. Attackers are running large campaigns against both private computers and company networks. Particularly active: malware such as Emotet, Agent Tesla, Gozi and RanumBot. People's uncertainty during the Corona crisis and the continued high number of employees working from home are causing cybercrime to boom.
Q2 to Q3: an increase of 99.1 percent
The current threat analysis by G DATA CyberDefense shows that the number of cyber attacks continued to rise in the third quarter. The number of averted attack attempts almost doubled within three months - an increase of 99.1 percent between the second and third quarter.
“The Corona crisis has massively accelerated digital change. But in many cases IT security does not keep pace at this high rate,” says Tim Berghoff, Security Evangelist at G DATA CyberDefense. “In the meantime, many employees have been working from home for more than six months. At the beginning of the pandemic, companies focused on functionality. Understandably, business continuity initially had top priority. Now, however, IT security must be the focus of those responsible and comprehensive measures to ward off cyber attacks must be tackled.”
Cybercrime is a seasonal business
Cyber criminals were particularly active in July 2020. Compared to June, the number of cyber attacks increased by 176.1 percent - the highest increase within four weeks during the current year. After the sharp rise in July, the situation calmed down somewhat in August and September. The security analysts in Bochum recently recorded a decrease in cyber attacks: from August to September the number fell by 27.5 percent.
But this is no reason to relax: the numbers are still at a high level and are extremely high, especially compared to the beginning of the year. The decline in attacks shows that cybercrime is also a seasonal business. The number of attempted attacks traditionally increases at the beginning of the summer vacation period. For example, criminals send mass emails with supposedly cheap or fake vacation offers. This year, the perpetrators also used false warnings about travel and Corona as a scam. Another reason for the decline: time and again, attackers make adjustments to their malware or their IT infrastructure before starting the next wave of attacks. Their goal: to improve efficiency in order to increase profit.
Well-known malware
In total, the analysts at G DATA identified 200 active malware families in the third quarter. Gozi, Agent Tesla, Emotet and RanumBot / Glupteba were particularly active. These are malware families that have been wreaking havoc for a long time and cause high levels of damage. Gozi has existed since 2006. It usually penetrates victims' systems via phishing emails and has screen capture and keylogging functions. The malware extracts login data that is stored in browsers and e-mail programs.
Emotet: After a break in the spring of this year, Emotet, the cybercriminals' all-purpose weapon, has picked up speed again. The malware has become very complex. Nothing is left of its original function - manipulating online banking transactions. Instead, Emotet has shifted to other areas: from tapping mail contacts and creating detailed communication profiles of attack victims to acting as a door opener for other malware.
Agent Tesla: Active for more than six years, Agent Tesla is a sophisticated keylogger and information stealer that records keystrokes, reads data, creates screenshots and intercepts access data. Attackers are currently combining these attacks with topical social engineering methods and referring to Covid-19 in phishing emails, so that they are still causing great damage.
RanumBot: Deactivates all security services and the Windows firewall on an infected system, thus opening a door to further malware such as the Glupteba Trojan. In addition, the malware changes default settings in the Windows registry so that it is activated automatically every time Windows is restarted.
More on this at GData.de
About G DATA
With comprehensive cyber defense services, the inventor of anti-virus software enables companies to defend themselves against cybercrime. Over 500 employees ensure the digital security of companies and users. Made in Germany: With over 30 years of expertise in malware analysis, G DATA conducts research and software development exclusively in Germany. The highest standards of data protection are paramount. In 2011, G DATA issued a “no backdoor” guarantee with the “IT Security Made in Germany” seal of trust from TeleTrusT e.V. G DATA offers a portfolio ranging from anti-virus and endpoint protection through penetration tests and incident response to forensic analyses, security status checks and cyber awareness training to defend companies effectively. New technologies such as DeepRay use artificial intelligence to protect against malware. Service and support are part of the G DATA campus in Bochum. G DATA solutions are available in 90 countries and have received numerous awards.