Positive Technologies experts have summed up the third quarter of 2020. The company's report notes a significant increase in the number of ransomware attacks on organizations, an increase in the overall share of hacking to 30%, and a surge in attacks on medical institutions. In addition, attackers are increasingly exploiting public interest in the COVID-19 vaccine.
According to the study, the explosive growth in attacker activity observed in the first half of the year, against the background of the coronavirus pandemic, has finally begun to slow down. However, the total number of attacks remains consistently high, and the trend towards a quarterly increase in the number of incidents continues. Compared to the second quarter of 2020, the number of attacks increased by 2.7%, and compared to the third quarter of 2019, by 54%.
Because of the pandemic and the widespread transition to remote work, many companies have brought additional services to the network perimeter. These services are not always reliably protected, which gives criminals more opportunities for attacks.
The analysis showed that the share of vulnerability exploitation among the methods used in attacks on organizations increased by 12 percentage points compared to the previous quarter and amounted to 30%. Among other things, attackers actively exploit security flaws in remote access systems. At the same time, the share of attacks on organizations that use social engineering has decreased since the beginning of the year: it was 67% in the first quarter but only 45% in the third quarter.
According to experts, the third quarter saw a record jump in the number of ransomware attacks on organizations: ransomware was involved in every second malware attack. Last quarter, ransomware accounted for only 39% of all malware attacks; this quarter the figure was 51%.
Another surge in the number of attacks directed at medical organizations was also recorded. Half were perpetrated by ransomware operators, and the consequences were significant. The targets included not only clinics that directly provide care to patients with COVID-19, but also research centers that are developing a vaccine. In such cases, the main goal of the attackers is information about the latest developments and test results.
In general, cybercriminals often targeted government agencies (14% of the total number of attacks), industry and energy (11%), and medical institutions (10%).
“According to our information, the topic of COVID-19 is also being exploited by cybercriminals in attacks on individuals,” says analyst Yana Yurakova. “If in the last quarter hackers offered remedies or additional information about the virus in their phishing mailings, now they are more likely to speculate on the topic of a vaccine against it. At the same time, we see that the number of phishing emails about the coronavirus is rapidly declining. The share of social engineering attacks that address the pandemic dropped from 16% last quarter to 4% this quarter.”
The number of attacks on medical institutions has grown significantly compared to the third quarter of 2019: experts recorded only 11 attacks then, while 46 cases have been recorded now. This is due to the increased interest of criminals in medical organizations, which are now at the forefront of the fight against coronavirus infection. Half of the attacks were carried out by ransomware operators.
The number of attacks on industry is also growing. There were 125 of them in the whole of 2019, while in the first three quarters of 2020 alone experts have already recorded 170 attacks. Industrial companies were mainly attacked by ransomware and APT groups such as Maze, Sodinokibi, Netwalker, Nefilim, DoppelPaymer, Snake, RansomEXX, and Conti.