Ransomware attacks reach disturbing levels
Ransomware attacks have reached 'stratospheric levels', now accounting for 69% of all attacks involving malware.
That is among the most disturbing finding in Cybersecurity Threatscape: Q2 2021, the latest report from security specialist Positive Technologies.
The research also reveals that the volume of attacks on governmental institutions in particular soared from 12% in Q1 2021 to 20% in Q2. And the company's Expert Security Center, which focuses on threat intelligence, during the quarter discovered the emergence of B-JDUN, a new RAT used in attacks on energy companies, and Tomiris, new malware that comes with functions for gaining persistence and can send encrypted information about the workstation to an attacker-controlled server.
The research found only a minor rise, 0.3%, in overall attacks from the previous quarter. This slowdown was to be expected as companies took greater measures to secure the network perimeter and remote access systems during a global pandemic and the growth of a dispersed workforce. However, the rise in ransomware attacks - in particular a 45% jump in the month of April alone - should cause grave concern.
On a related note, Positive Technologies identified a ban by Dark Web forums on the publication of posts regarding ransomware operators' partner programs. This indicates that in the near future, these partners may no longer have a distinct role - ransomware operators themselves could take over the task of assembling and supervising teams of distributors.
The researchers also note a growing pattern of malware specifically designed to penetrate Unix systems.
"We've got used to the idea that attackers distributing malware pose a danger to Windows-based systems," says Yana Yurakova, Information Security Analyst, Positive Technologies.
"Now we see a stronger trend of malware for attacks on Unix systems, virtualisation tools, and orchestrators. More and more companies, including larger corporations, now use Unix-based software, and thats why attackers are turning their attention to these systems."
Among other findings:
- 69% of all malware attacks targeting organisations involved ransomware distributors, a 30% jump over the same quarter in 2020
- There's been a noticeable change in the landscape for the retail industry - a sharp decrease in attacks with web skimmers, accompanied by a rise in interest among ransomware distributors. Ransomware attacks on retailers accounted for 95% of all attacks using malware. This is likely because previous attacks in this industry mostly targeted data - payment details, personal information, credentials, etc. Now, they pursue financial gains more directly through ransoms
- The volume of social engineering attacks targeting retail also increased from 36% in Q1 2021 to 53% in Q2