The number of cyber attacks averted increased by more than 85 percent from the first to the second half of the year!

The pandemic remains a feast for criminals - they are exploiting people's uncertainty to carry out attacks. According to the current threat analysis from G DATA CyberDefense, the number of attack attempts averted increased by 85 percent in the second half of 2020. Last year, cyber criminals released 76 new versions of malware every minute. Vulnerabilities such as Shitrix and Sunburst have also served the attackers well for their malicious activities.

The risk of cyber attacks has continued to increase significantly over the past year. The current threat analysis from G DATA CyberDefense shows that the number of attack attempts averted increased by more than 85 percent within six months, comparing the first and second halves of 2020. The number of attacks prevented almost doubled from the second to the third quarter, while the number of attacks fell slightly in the fourth quarter.

“We assume that numerous companies fell victim to an attack last year due to the hasty move to home offices - but did not yet notice it,” says Tim Berghoff, security evangelist at G DATA CyberDefense. “Cyber criminals continue to mercilessly exploit any weakness in IT security. Critical security gaps, missing updates or careless employees are usually the beginning of a successful attack. And the current uncertainty among people is accelerating developments considerably.”

Old malware in a new guise

It is noticeable that cybercriminals rely on proven malware, some of which has been in use for several years but is constantly being further developed. The following number shows how great the danger is at this point: G DATA's cyber defense experts discovered more than 16.1 million different malware samples. Compared to the previous year, this is an increase of 228.6 percent. An average of 44,135 new malware samples threaten IT systems in Germany every day. This means that cybercriminals released 76 new versions of malware every minute.

For the first time, Emotet, the all-purpose weapon of cybercrime, led not only in terms of how dangerous it is, but also in the number of samples in circulation: a total of 888,793 different versions. In the entire previous year there were only 70,833 samples - an increase of 1,154.8 percent. Emotet was largely inactive in the first half of the year, so only 27,804 new samples appeared during this period. More than 860,000 versions therefore come from the second half of the year.

In other words: the criminals released three new variants every minute. Emotet acts as a door opener and gives cybercriminals access to IT networks. The malware automatically reloads other malicious programs such as Trickbot and Ryuk in order to spy on additional access data and encrypt the system.

How dynamically cybercrime is developing is clear from the fact that six of the ten threats are new to the overview. Far behind Emotet are Qbot and Urelas. Qbot is currently using an attack pattern that was previously only known from Emotet: the attackers send a fake reply to an existing email conversation. For the recipient, this false email can hardly be distinguished from a legitimate message, so the victims open the email attachment or click on the link.

Originally a banking Trojan, Qbot also has worm elements and acts as a credential stealer to copy user login data. This makes Qbot an all-purpose weapon for cybercriminals. In third place in the malware top 10 is the downloader Urelas, which attackers use to download additional malware as soon as they have infiltrated a system.

The king is dead - long live... yes, who actually?

A lot of movement can be expected in 2021, especially in the area of these digital door openers. At the end of January there was an internationally coordinated strike against the operators of Emotet, which was dubbed the “king of malware” for years. Large parts of the infrastructure behind Emotet were taken out of action - with technical support from G DATA, among others. This is likely to leave a gap in the underground market, at least in the medium term, which other groups of perpetrators are now trying to fill.

Gaps with serious consequences

But it's not just well-camouflaged malware that opens the door for attackers to private computers or company networks. As every year, numerous security gaps in applications and operating systems make it easy for attackers to infiltrate IT systems. Two of the largest are mentioned here: Shitrix and Sunburst. Shitrix was one of the most dangerous vulnerabilities in recent years, making it possible to remotely run any application in Citrix ADC, and was therefore classified as highly critical. In Germany alone, more than 5,000 companies were at risk, including operators of critical infrastructure such as hospitals, energy suppliers and authorities.

By year's end, government agencies and private companies discovered that their networks had been compromised. The origin lay in the network management software from the manufacturer SolarWinds. Over the course of months, criminals had assembled individual components, unnoticed from the outside, into spy software that was firmly integrated into the network management software. The contaminated software updates did not raise suspicion and were installed in numerous companies worldwide. The attacks were primarily concentrated on the USA, but there were also vulnerable systems in Germany.

“The fight against cybercriminals requires decisive action from companies and private users,” says Tim Berghoff. “Cyber criminals are also taking advantage of the current digitalization push and intensifying their attack efforts. They also rely on automated attacks to infiltrate networks. Anyone who doesn’t invest in IT security now is carelessly wasting their digitalization dividend.”

Companies must prepare for increasingly sophisticated attacks because criminals use malware-as-a-service to carry out complex attacks that are difficult to defend against. This not only requires modern endpoint protection, but also attentive employees who can nip attempted attacks in the bud through careful action.
