Cyber attacks are becoming increasingly targeted in nature
- Published: Tuesday, 03 December 2019 08:47
Positive Technologies has released its cyber security ‘threatscape’ findings for the third quarter of 2019. The main trends highlighted in the report include an increase in the number of unique cyber incidents, a large amount of activity by APT groups engaged in targeted attacks, and a two-to-one greater incidence of data theft in comparison to direct financial gain as an attack motive.
Criminals pick their targets
The top trend identified is that targeted attacks continue to outnumber mass attacks. Targeted attacks accounted for 65 percent of the total in Q3, compared to 59 percent in Q2. The most common targets for attackers are governments, industry, finance, science, and education.
In Q3, the share of cyber attacks aimed at data theft grew to 61 percent of all attacks on organizations and 64 percent of all attacks on individuals (compared to 58 percent and 55 percent, respectively, in the second quarter). The share of attacks with direct financial motivation was 31 percent.
One out of five attacks was directed against individuals. Almost half (47 percent) of all data stolen from individuals consisted of credentials (usernames and passwords). In attacks on organizations, personal data made up 25 percent of all stolen information.
Changing attack methods
Positive Technologies noted a reduction in cryptocurrency miner attacks, to just 3 percent of attacks against organizations and 2 percent of attacks against individuals. This may be due to the gradual transition by attackers to malware with multifunction capabilities. One example is the Clipsa Trojan, which can stealthily mine cryptocurrency, steal passwords, tamper with addresses of cryptocurrency wallets, and launch brute-force attacks against WordPress sites.
Organized cyber crime
During the quarter, the PT Expert Security Center (PT ESC) regularly detected attacks by APT group TA505. The group's arsenal includes Dridex (a banking Trojan), Cryptomix (ransomware signed with certificates issued to dummy legal entities), ServHelper and FlawedAmmyy (remote administration Trojans), as well as Upxxec (a plugin able to detect and disable a large range of antivirus software). The PT ESC also detected attacks by APT groups such as RTM, Cobalt, Bronze Union, APT-C-35, KONNI, and Gamaredon.
Positive Technologies also found in late summer that Emotet, one of the world's largest botnets, resumed operations after a lull of several months. The botnet's operators offer malware as a service (MaaS): by providing access to Emotet-infected computers, they enable other cyber criminals to infect victims with yet more malware, such as Trickbot and Ryuk.
In the researchers' opinion, the majority of cyber attacks are not made public due to the reputational risks they present.