Facebook is the number one most imitated platform when it comes to phishing, and malware has been hidden in manipulated Zoom installations!

In its “Attack Landscape” report for the first half of 2020, the cybersecurity specialist F-Secure analyzed the development of international cybercrime and identified the key trends.

Many people will remember 2020 as the year of the lockdown, and COVID-19 is also the dominant topic in cybersecurity: attackers have reacted quickly and are trying to break into vulnerable systems using phishing and spam with COVID-19 as the hook.

As reporting around COVID-19 began, the first phishing attacks on the same topic quickly emerged, according to F-Secure's report. The security experts at F-Secure observed an increasing trend in manually installed malware, i.e. malicious programs that are primarily loaded onto the computer by the users themselves (an increase from 24% in 2019 to 35% in the first half of 2020). The growth of this method could be due to the fact that thousands of fake domains have been registered that, for example, imitate “Zoom” downloads. They speculate that office workers who are now working from home will want to install software for video conferencing. The manipulated installation gives the attacker access to the victim's computer, where ransomware is then installed for financial profit.


“Cyber criminals have few operational limitations, allowing them to quickly respond to current events and incorporate them into their campaigns. The early days of the COVID-19 outbreak left many people confused and worried, and attackers sought to exploit these fears,” said Calvin Gan, a manager of F-Secure’s tactical defense unit.

No trace of the Corona crisis among cybercriminals

The fraud attempts have largely shifted their content to topics relating to the coronavirus. Although general economic output has collapsed dramatically, there was no sign of a Corona crisis among cybercriminals. A flood of pandemic-related spam emails was registered in March, April and early May 2020. For example, one campaign sent emails offering face masks for sale, which were in high demand at the time. The unsuspecting prospective buyers then became infected with info stealers on the associated shopping websites.

Who is targeting whom?

A now popular section of the "Attack Landscape" report is "Who's after who?", in which F-Secure's security experts evaluate which countries most attacks originate from and which countries are the target of such attacks. The data is based on vulnerable servers that F-Secure places online as honeypots to provoke attacks, which are then documented. The traffic on the honeypots was about as high as in the first half of 2019 (1st half of 2019: 2.9 billion; 1st half of 2020: 2.8 billion), which would be proof that, pandemic or not, the attackers continue their activities.

However, the data has to be treated with some caution. Attackers often use proxies so that the actual country of origin cannot be determined. The selection of source countries is often determined by how strict the local laws against cybercrime are. The countries from whose IP addresses the most attacks originated are China, the USA and Ireland. Germany is in eighth place among the world's attack source countries.

While most of the attacks came from the Chinese IP space, China itself was also the target of the attacks, with a significant share of the traffic. However, there are also some European countries among the most affected countries: Norway, Bulgaria, the Netherlands, Denmark, Austria, the Czech Republic and Hungary are all in the top ten target countries.

Some other findings of the report include:

  • There was another increase in traffic in June at the start of the Black Lives Matter movement.
  • When it comes to phishing, Facebook is the most imitated platform, followed by companies from the financial sector (e.g. PayPal).
  • The number of attacks on cloud services and email providers such as Microsoft 365 also saw an upward trend.
  • Telnet and SSH are the ports with the most traffic.

The full “Attack Landscape” report for the first half of 2020 is available on the F-Secure blog.
