Check Point experts summed up the first six months of 2020 and presented a report on the most active cyber threats in the first half of the year. The report states that, on average, a company in Russia faced 570 attacks per week, while the global average was 474 attacks per organization.
Researchers say that scammers have been actively using the pandemic and related topics to launch attacks. In the first half of the year, the cyber threat landscape looked like this.
- Cloud attacks. Cloud attacks continue to grow, and misconfiguration of cloud resources continues to be the main cause of such attacks. In addition, there has been an increase in attacks targeting cloud service providers.
- Evolution of mobile threats. More and more types of malware are adapting to the conditions of today's mobile world – attackers are exploiting more and more vulnerabilities in mobile devices, applications and operating systems.
- Trampoline attacks. Attackers are constantly on the lookout for entry points to a company's network. When all direct methods have been tried, the attackers step back from the target and look for a vulnerable "springboard" whose compromise will help them reach the final target. For example, service providers and business partners often become springboards for attacks on other companies.
- Magecart epidemic. As online commerce has grown, the number of attacks on online shopping sites has sharply increased. Attackers inject malicious code into websites that steals personal data as well as bank card information.
- Ransomware. The researchers note that attackers are increasingly teaming up with each other. For example, botnet creators sell malware to other hackers, who study in detail the network of their targets and steal company data even before files are encrypted. The most common targets for these attacks are software companies, the public sector, and healthcare organizations.
“The conditions of our life are constantly changing, and therefore the methods of attacks by cybercriminals are evolving. The scammers quickly took advantage of the self-isolation regime introduced and the massive transition of people to a given job. However, despite the fact that restrictive measures in a number of countries are weakening, the activity of hackers is only increasing,” explained Vasily Diaghilev, head of the Check Point Software Technologies office in Russia and the CIS.
As a result, the list of the most active threats in Russia is as follows:
- Emotet (6%) – advanced modular malware. Emotet was once a common banking Trojan, but has recently been used to distribute other malware and malicious campaigns, and can also send phishing emails containing malicious attachments or links.
- RigEK (5%) – contains exploits for Internet Explorer, Flash, Java, and Silverlight. Infection begins with redirecting the victim to a target page containing JavaScript that looks for vulnerabilities and uses exploits against them.
- XMRig (5%) – an open-source miner, first discovered in May 2017. Used to mine the Monero cryptocurrency.
- Agent Tesla (3%) – a RAT Trojan with keylogger and password-stealer functions that has been infecting computers since 2014. Capable of tracking and stealing input, taking screenshots and extracting credentials for various programs, including Google Chrome, Mozilla Firefox, and Microsoft Outlook.
- Phorpiex (3%) – a Windows worm that creates files that are automatically launched on removable devices for further self-propagation. It also sends ransomware spam and spreads other malware.