52 Billion Attacks: Trend Micro 2019 Threats

Trend Micro recorded 52 billion attacks in 2019. The figures below are taken from the report 2019 Annual Security Roundup: The Sprawling Reach of Complex Threats.

The main conclusion of the study is that financially motivated cybercriminals cooperate and compete daily to extract the most from their victims. The number of threats is growing along with their diversity, because investment in cloud platforms, and the migration of company infrastructure into the cloud, has significantly expanded the attack surface of modern enterprises. Among the main cybercrime tools recorded in 2019 are:

  • ransomware;
  • phishing and BEC;
  • exploitation of critical vulnerabilities;
  • supply chain attacks;
  • mobile threats.

Ransomware


In 2019, ransomware kept its leading position among cyber threats. The number of detected incidents involving this type of malware increased by 10% compared to 2018. The main targets of ransomware campaigns were:

  • healthcare, in which more than 700 organizations were affected by attacks;
  • government organizations - in the United States alone, at least 110 state and municipal institutions became victims of ransomware;
  • educational institutions.

Russia continues to lead Eastern Europe in the number of ransomware detections, accounting for 4.15% of all ransomware detected worldwide.
It is noteworthy that, despite the increase in the number of attacks, 57% fewer new ransomware families were recorded. The most likely reason is that the operators of malicious campaigns focused on identifying the most accessible targets that are likely to pay a ransom rather than on creating new tools.

The drive to make ransomware more effective has led to collaboration between cybercrime groups. For example, the Sodinokibi ransomware was used in a coordinated attack on 22 local government entities in Texas. The attackers' proceeds amounted to $2.5 million.

This series of attacks also used a new monetization model, Access-as-a-Service, in which some attackers sold or leased access to companies' network infrastructure to others. Prices ranged from $3,000 to $20,000 for offerings that went as far as full access to servers and corporate VPNs.

Phishing and BEC


The number of recorded phishing attacks in 2019 fell compared to 2018, both in attempts to access phishing URLs and in the number of client systems that fell victim to fraudulent attacks.

Figure: Reported phishing incidents in 2018-2019. Source: Trend Micro.

Despite the overall reduction in the number of attacks, targeted campaigns against users of the Office 365 service roughly doubled: their number increased by 101%.

Among the most popular phishing methods of 2019 are the following:

  • abuse of the SingleFile web extension to create fraudulent copies of legitimate authentication pages for various services;
  • one-time password (OTP) theft using a fake bank page;
  • hijacking Google web search results to redirect victims to a phishing page;
  • use of 404 Not Found pages to host fake login forms.

In 2019, cybercriminals focused their efforts on the most profitable areas, which is confirmed by the growth in business email compromise (BEC) attacks.

In terms of the number of identified web threats, Russia is fourth in the world with 3.9% of the global total; the top three are the USA, China and Brazil. Ukraine accounts for 1.3%, and Kazakhstan for less than 0.5%.

Figure: Distribution of targeted job positions in BEC attacks. Source: Trend Micro.

The most popular targets in BEC attacks are financial executives, accounting departments, and professors.

Exploitation of Critical Vulnerabilities


Vulnerabilities in operating systems and services have been and remain a serious source of problems. In 2019, the Trend Micro Zero Day Initiative (ZDI) identified a significant number of vulnerabilities. Although fewer problems were identified overall, the number of high-severity vulnerabilities increased by 171% compared to 2018.

Figure: Number of vulnerabilities of various severity levels identified by the Trend Micro Zero Day Initiative. Source: Trend Micro.

Their severity rating also reflects the likelihood that cybercriminals will actively use these vulnerabilities as attack vectors.

When speaking of vulnerabilities, one cannot ignore those in Internet of Things devices, which cybercriminals continue to exploit actively to build botnets. According to our data, the number of password-guessing attempts against IoT devices increased by 180% over the year.

Supply Chain Attacks


Instead of breaking into well-protected banks, attackers prefer to obtain bank card data from more accessible places, for example by attacking service providers for online marketplaces, online stores and other services that accept online payments.

Through attacks on suppliers, the Magecart and FIN6 groups were able to inject malicious code that steals payment information into many sites. Magecart compromised 227 sites, and the FIN6 group managed to compromise more than 3,000 online stores.

Another popular attack vector was the compromise of development tools and widely used libraries.

In June, a misconfiguration of the Docker Engine - Community API was discovered that allowed attackers to compromise containers and run AESDDoS, a Linux malware family that takes control of a server and makes it part of a botnet.

In the same month, the vulnerability CVE-2019-11246 in the Kubernetes command-line tool (kubectl) became known; exploiting it allowed an attacker to use a malicious container to create or replace files on the affected host.

Mobile Threats


According to the study, Russia is among the top 15 countries by the number of detected mobile malware types: 1.1% of the world's mobile malware is detected there.

In total, Trend Micro recorded almost 60 million mobile malware detections in 2019, and in the second half of the year their number was almost halved.

One of the largest mobile threats detected in 2019 involved several malicious Android apps that were downloaded 1 million times. These applications posed as a variety of filters for the smartphone's camera and, after installation, connected to malicious command-and-control servers. Analysis of the samples showed that the malicious nature of the applications is rather hard to detect. For example, one such program removed itself from the list of installed applications during installation. As a result, uninstalling it became almost impossible, because users could not even detect the program's presence, let alone remove it.

Recommendations


Protection against attacks in today's conditions requires integrated solutions that combine protection of gateways, networks, servers and endpoints. A company's IT security level can be raised with countermeasures such as:

  • segmentation of the network infrastructure, regular backups and continuous monitoring of network conditions;
  • regular installation of updates for the OS and application software to protect against exploitation of known vulnerabilities;
  • use of virtual patching, especially for operating systems that are no longer supported by their developers;
  • implementation of multi-factor authentication and access policies, with separate administrator accounts for tools such as remote desktop access, PowerShell and developer tools.
