ESET, a leader in information security, presents a ranking of the most common cyber threats in 2021. In particular, according to ESET telemetry, ransomware tactics have become more aggressive, and the number of password-guessing attacks and phishing emails has increased.
In addition, ESET found DevilsTongue spyware targeting activists and journalists, as well as new activity by Gamaredon and APT Dukes in Europe. The latter has spread phishing messages to diplomats, think tanks, and international organizations in at least 12 countries.
Such threats have often made headlines in recent times, attacking critical infrastructure and large IT vendors. The level of detection of this malware remained stable with several periods of significant growth.
In particular, in the last 4 months, three main waves of ransomware distribution have been recorded. These included an attack that shut down Colonial Pipeline, the largest pipeline company in the United States, and a supply chain attack using a vulnerability in the Kaseya VSA software.
In both cases, the attackers targeted financial gain, not cyber espionage. In particular, the cybercriminals who attacked Kaseya demanded a ransom of $70 million, which is the highest known to date.
Ransomware tactics have become more aggressive. This led to the involvement of law enforcement agencies, which in turn exposed several groups. However, the same cannot be said of TrickBot, whose number of detected samples has doubled since last year’s disruption.
Information-theft threats
The number of such threats increased by 15.7%. Such growth is quite predictable because, in the age of the Internet, information is a commodity that can easily be monetized by attackers. Among the 10 most common threats in this category were spyware, which took the first 6 places in the list, and backdoors, which took the next 4 places.
Although banking malware is not in the top ten most common this time, the number of detected samples of this type has also increased.
Threats that spread through e-mail
The number of harmful e-mails also increased during the analyzed period. Among them were mostly phishing and fraudulent messages. E-mail threats peaked in the second half of August 2021, with the most common threat being the DOC/Fraud Trojan. This threat was mainly spread through e-mails in which fraudsters blackmailed recipients with videos of adult content.
The Microsoft brand was most often used in phishing emails. Attackers also often impersonated the DocuSign electronic signature service and the WeTransfer file sharing service, indicating in a letter that they were sending documents to the recipient for download.
Fake payment requests, followed by counterfeit banking communications and delivery of goods, continued to be the most common topic in malicious emails.
At the same time, the topic of COVID-19 was also used in spam emails, and fraudsters pretended to be government agencies and health care organizations to force recipients to share confidential information.
Threats to macOS and iOS
In 2021 the level of threat detection for macOS increased by almost 10%. This is due to an increase in the number of detected Trojans by almost half compared to the previous period. Their activity even outpaced the potentially unwanted programs (PUAs) that previously predominated among the threats to macOS.
The largest number of detected samples fell on the program OSX/Mackeeper PUA, which displays unwanted advertising. It is worth noting that this malware is the first in the ranking of threats to macOS for the second year in a row.
Threats to Android
The activity of such threats increased by almost 33% due to the growing proliferation of spyware, adware, and banking malware. In particular, the activity of the latter type has continued to grow since the beginning of the year, increasing by almost half between May and August.
In addition, the activity of malicious applications for cyberbullying has increased. During the analysis of 86 programs with such functionality, ESET specialists revealed numerous vulnerabilities that could endanger not only the data of the victims but also the spies themselves.
Phishing is far from new. The number of phishing attacks is growing every year, and the methods of attackers are improving.
What are phishing attacks?
Phishing attacks are a type of online fraud in which cybercriminals seek to get hold of personal data – logins and passwords of social networks, mailboxes, bank accounts, and bank card numbers.
Types of phishing:
- Mail. The oldest method of obtaining confidential data is through email campaigns with letters of various contents – from tempting offers to real threats. Using psychological influence, cybercriminals successfully obtain the personal data of users.
- Online. It appeared much later than the mail one and is a more sophisticated way of extracting information: in this case, the attackers use high-quality copies of authoritative sites that ask the user to enter confidential data.
That is, the user enters his username and password, or bank card details in the form, without noticing that the address has been spoofed. In this case, the merit of the anti-phishing functions of antivirus software is especially great, since they detect and block such pages even before the user has time to see them.
Also, larger cyberattacks target the devices of employees of large companies to gain control over control systems.
Why do you need anti-phishing software?
The need to use antivirus software with anti-phishing protection follows from the statements of various cybersecurity organizations about the rapid development of phishing in the world.
Of course, in most cases, the goal of cyberattacks was large firms and gaining control over their infrastructure, but the scale of the problem is understandable, and the need to combat Internet fraud is obvious.
For example, compared to 2017, the number of cyberattacks in 2018 increased by 60%.
According to the results of their observations, almost a third of office workers open emails from strangers without hesitation and therefore become potential victims of phishing.
Internet fraud is rampant and, as practice shows, increasing cyber literacy has not yielded tangible results.
Phishing attacks are literally a key threat to information security.
Therefore, the problem should be solved by using anti-virus software that provides high-level protection against phishing attacks.
Effective anti-phishing protection is implemented only in paid versions of antivirus software. Let’s take a look at three of the most popular ones.
In Norton antivirus, anti-phishing protection works in three directions at once:
- Blocking phishing sites. Norton quickly detects and automatically blocks sites that are fraudulently trying to obtain personal information.
- Checking links in the social media feed. In addition to sending out luring links by mail, cybercriminals now post them on the pages of the most popular Internet communities. Norton has addressed this issue by checking social media links.
- Secure storage of usernames and passwords and identity protection. With the use of antivirus, the threat of user data being intercepted during automatic input is reduced to zero.
Key benefit: Norton’s antivirus protection is available in even the most basic version of Norton Antivirus.
To assess the effectiveness of Kaspersky Lab products in terms of anti-phishing protection, it is better to look at the test results of the independent organization AV-test, according to which Kaspersky Anti-Virus recognized 100% of phishing links with no false detections.
- Automatic module for checking virtual keyboards and links.
- An updated anti-phishing module with a heuristic analysis function that can get detailed information about a suspicious site.
- Data collection protection. A special module monitors and promptly blocks resources that record usage scenarios.
Antiphishing functions are also available in all versions of Kaspersky anti-virus software, but remember that the basic package is available only to PC users and only for Windows.
In general, Panda’s antiviruses can boast of both an extended set of user settings and the availability of an anti-phishing module for all packages, even the basic one. The software is available for both PCs and mobile devices running any system.
However, in terms of anti-phishing protection, one drawback should be highlighted: when tested by the independent organization AV-test, Panda showed relatively slow performance of its anti-phishing module.
Antivirus software is the most reliable and comprehensive solution for dealing with online threats. To assess their severity, consider the most common types of malware attacks.
In wide circles, this term is applied to all malware, but viruses are only those programs that can independently enter a computer and add malicious code, or, in other words, “infect” a file, program, or the entire system. A virus infection can result in a system malfunction due to a violation of the data allocation structure or even complete removal of the operating system.
Unlike viruses, they do not infect other programs. Trojans also do not enter a computer on their own – attackers disguise them as useful software that the user himself installs. Trojans do even more harm because, in addition to deleting systems and personal files, they can steal confidential information.
There are malicious programs that are more dangerous than viruses and Trojans due to their high speed of spread using network resources. By instantly calculating network addresses, worms penetrate other computers, create working folders on system disks, and thus lead to system freezes.
This software is used to collect confidential information about a specific user through a total scan of the system and working folders of his computer. Spyware functions on someone else’s PC completely unnoticed, without exerting any visible load on the operating system. In addition to obtaining personal data, spyware is used to remotely control someone else’s computer.
Their main goal is to penetrate a computer, gain access to personal media files and encrypt them to extort funds for their decryption.
This is a separate type of malicious attack: the mass mailing of financial, political, and campaign letters. Attackers use spam for a variety of purposes – from extorting a large sum of money from the addressee to simply overloading mail servers, which leads to the loss of important data.
There is another common and dangerous type of malware attack that should be considered separately.
Phishing attacks are becoming more and more threatening over time, which is associated with:
- Mail spam – sending forms by mail to fill in personal data.
- Online phishing – the creation of pages copied from the original sites of social networks, online banking, payment systems.
- Mobile threats – SMS distribution, similar to mail spam, to extract personal data.
How does antivirus work?
Antivirus is still the only effective anti-malware tool, providing comprehensive threat protection.
To understand how antivirus works, let’s consider the main functions of antivirus software:
- Real-time threat protection. This is the basic function of all anti-virus programs: constant monitoring of computer activity and timely protection against all incoming threats.
- Detection of threats. Selective or general scanning is used if the anti-virus is installed on a device that was previously functioning without protection. It is also useful to periodically perform a selective scan of the most vulnerable sectors of the system.
- Password manager. In essence, this is encrypted storage for logins and passwords.
- Payment protection. This function is more often present in advanced versions of paid antiviruses and is aimed at preventing money theft during online payment.
- Antispam. A module that filters mail traffic by sending suspicious messages to a separate folder, where media files are blocked when messages are opened to prevent the penetration of worms. Advertising and campaigning spam is also filtered.
- Antiphishing. A module aimed at timely blocking of copied pages that collect the personal data of users.
- Parental control. Advanced settings allow you to set the necessary restrictions when a child works at a computer, thereby protecting him from viewing unwanted content and visiting potentially dangerous Internet resources.
Accordingly, the antivirus repels attacks in several directions at once: it is designed both to eliminate a problem after the fact and to prevent new attacks.
Attacks on 5G
The move to 5G is predicted to exacerbate threats to the telecom industry as 5G’s architectural features open up opportunities for new types of attacks on carriers’ networks. At the same time, according to Positive Technologies experts, during the transition period, when networks of previous generations will still be used for voice calls and SMS, all the shortcomings of their protection will be relevant for 5G subscribers for a long time.
With the development of artificial intelligence technologies and neural networks, attackers will be able to create a variety of information fakes – deepfakes, which can be used both to bypass biometric identification and to deceive the public and other purposes.
Supply chain attacks on the rise
The growth of attacks on supply chains was predicted in 2019, and this forecast remains relevant. Typically, attackers inject malware into the legitimate code of software developers, which then spreads to the victims. Trend Micro does not exclude that in 2020 MSSP providers, if compromised, may turn out to be a similar channel of infection for the organizations they serve.
The rise of attacks using stolen credentials (Credential stuffing)
According to Chronicle experts, numerous data breaches that took place in 2019 will lead to the active use of this data to carry out attacks. With the increase in the amount of data available, credential stuffing attacks will become an increasingly viable method of monetization for attackers.
Attacks on devices and equipment, not Windows machines
The focus of cybercriminals is shifting from personal computers to various IoT (Internet of Things) devices, network equipment, cameras, drones, etc. Avast predicts that cybercriminals will add sophisticated protection to malware targeting such devices, making them harder to detect and analyze, similar to how they protect malicious code on Windows. With the growing popularity of smart devices, the surface of IoT attacks will expand.
Growth of attacks on clouds
Active cloud migration creates new security risks. Corporate data stored in cloud services will increasingly become the target of malicious attacks, with attackers gaining access through code injection attacks – deserialization errors, cross-site scripting, and SQL injection, Trend Micro predicts.
Increased complexity of attack methods
Experts unequivocally say that cybercriminals will become smarter and more sophisticated. McAfee is talking about a possible transition of attackers to two-stage campaigns using ransomware. It is also predicted that attackers will exfiltrate data from infected devices using non-standard methods, for example, via signaling data or via Wi-Fi/4G connections.
In 2020, a significant increase in all types of attacks against RDP (Remote Desktop Protocol) is expected. Cybercriminals will be able to take advantage of poorly configured servers with RDP or exploit protocol vulnerabilities, depending on what is more profitable for them, according to Avast.
Attacks on critical infrastructure
There will be more attacks on critical infrastructure – experts from Group-IB, Trend Micro and Chronicle agree on this. Industrial espionage, traditional malware or ransomware attacks, supply chain attacks – the options vary. Attacks are expected both on energy enterprises, industrial systems, and life support systems and on government resources.
Development of cyber services for sale
Cyber service schemes for sale will evolve, gain momentum, and take on new forms, say Positive Technologies experts. For example, a scheme may become very popular in which some attackers break into the infrastructure of companies and penetrate the internal network, and then sell or lease that access to other participants in the shadow market (access as a service model).
So, how can you clean a USB flash drive from viruses?
1) Checking a flash drive using an alternative antivirus
To begin, you can use an antivirus that does not need to be installed (these are also called scanners or online scanners).
It is enough to download such products to your PC and run a system check. They can work in parallel with your installed antivirus and will not interfere with it in any way.
What to choose:
- ESET’s Free Online Scanner is an anti-virus utility that does not need to be installed. Allows you to run an anti-virus system scan in a matter of minutes (including selecting any disks, flash drives, memory cards to scan).
- McAfee Security Scan Plus is a very famous software for quick scanning of your computer. It can work in parallel with your installed antivirus (there is no point in removing it after checking).
2) Check with special utilities
No matter how good your regular antivirus is (if it is installed on the system), it cannot “see” and recognize some types of threats (for example, AdWare, SpyWare, TrojanSpy, TrojanDownloader, etc.).
To check your system and flash drive, you must use special utilities.
3) The radical way: formatting the drive
Another way to completely remove viruses from a flash drive (and with them all files from it, be careful!) is to format the drive.
To start formatting, just open “My Computer”, right-click on the flash drive and select “Format …” from the menu.
4) Prevention: how to protect yourself from a new virus
- Install one of the modern antiviruses on the system, and update it regularly.
- Configure your system so that auto-launch of applications from plug-in CD/DVD and USB drives is disabled.
- If you often have to connect your USB flash drive to other computers as you work, then check it for viruses before opening any files from it on your system.
- It is worth keeping a copy on your hard disk of the documents that you carry on a flash drive (such a copy can help if the flash drive is lost, or a virus irrevocably damages the files on it).
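For the second prevention step above (disabling auto-launch from CD/DVD and USB drives), the following is an added example, not part of the original article: a PowerShell script that reports the two standard Windows AutoRun policy values and, with `-Enforce`, sets them machine-wide. The function name `Get-AutoRunState` and the `-Enforce` switch are illustrative choices; it assumes an elevated prompt when enforcing.

```powershell
# Added example: audit (and optionally enforce) the AutoRun policy values that
# stop Windows from auto-launching programs from removable and optical media.
# Changing the machine-wide (HKLM) values requires an elevated PowerShell prompt.
param(
    [switch]$Enforce   # illustrative switch: without it the script only reports
)

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Desired state:
#   NoDriveTypeAutoRun = 0xFF -> AutoRun disabled for every drive type
#   NoAutorun          = 1    -> commands in autorun.inf are never executed
$desired = [ordered]@{
    NoDriveTypeAutoRun = 0xFF
    NoAutorun          = 1
}

function Get-AutoRunState {
    param(
        [string]$Key,
        [System.Collections.IDictionary]$Desired
    )
    foreach ($name in $Desired.Keys) {
        $current = $null
        if (Test-Path $Key) {
            # A missing value is reported as $null rather than raising an error
            $item = Get-ItemProperty -Path $Key -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $current = $item.$name }
        }
        [pscustomobject]@{
            Name      = $name
            Current   = $current
            Desired   = $Desired[$name]
            Compliant = ($current -eq $Desired[$name])
        }
    }
}

$state = @(Get-AutoRunState -Key $policyKey -Desired $desired)
$state | Format-Table -AutoSize

if ($Enforce) {
    if (-not (Test-Path $policyKey)) {
        New-Item -Path $policyKey -Force | Out-Null
    }
    foreach ($row in $state | Where-Object { -not $_.Compliant }) {
        New-ItemProperty -Path $policyKey -Name $row.Name -Value $row.Desired `
            -PropertyType DWord -Force | Out-Null
    }
    # Re-read the key so the report reflects what is actually stored
    Get-AutoRunState -Key $policyKey -Desired $desired | Format-Table -AutoSize
}
```

Run it once without `-Enforce` to see the current state; a `Current` column that is empty means the value has never been set on that machine.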
If you do not have a full-fledged antivirus on your computer, or you want to double-check its performance, then one of the best solutions is to use online antivirus.
This antivirus can work in three main areas:
- check the specific file that you upload to them in the service;
- check the suspicious link (which you want to follow, but are afraid);
- fully check the system and all your drives displayed in Windows.
However, it is impossible to verify the system completely with just one site (because for security reasons sites are not allowed to access your drives)!
But online antivirus has a client, after downloading which, you only need to run it and agree to the scan (it does not need to be installed, registered, configured, updated, etc.), which is convenient and saves a lot of time.
A very powerful and simple scanner from the well-known company ESET. Designed to remove not only classic viruses but also potentially dangerous software.
The product is completely free and works immediately after launch. No special settings are required. The client weighs only about 6 MB, which allows it to be downloaded even to a PC without high-speed Internet access.
To start a system scan, just download and run a 512 KB file! Then your system and memory will be automatically checked and cleaned of malicious elements.
The utility works fully automatically! It is one of the fastest means of checking your PC: from the moment you go to the developer’s site to the start of the scan, it will take no more than 10 seconds!
A product from the famous manufacturer Trend Micro. Allows you to quickly check any drives, flash drives, system, memory, etc. for the presence of malicious elements: viruses, trojans, adware.
In the settings, you can specify a specific drive for verification. After scanning and cleaning your system, the program automatically “collapses” and leaves no traces in Windows.
A very good product from a renowned manufacturer. Allows you to run an anti-virus scan of your computer for malware in a matter of seconds.
In addition, the program will check your current security and inform you if there is a problem with your current antivirus: whether it is configured correctly, whether the database is updated, what the firewall settings are, etc.
It is worth noting that all antivirus programs in this list are completely free and, above all, safe. The list of the best antivirus programs changes regularly, as developers change and improve something every time, and sometimes completely refuse to provide services for free.
It should be noted that all of these antiviruses have paid versions. We did not consider them. The selection includes only free solutions without time limits. In other words, we selected antivirus programs that do not ask for payment after a few weeks or months of use.
Avira Free Antivirus
Avira Free Antivirus is a comprehensive solution for protecting your computer from any malware. The complex checks not only files, but also potentially dangerous Internet connections, and thanks to the extension for popular browsers – even malicious websites.
The best part is that Avira doesn’t put a lot of strain on your computer. After installing a full set of security, the computer does not begin to spend 90% of its resources to support the life of the antivirus, which is especially important for owners of budget computers and laptops.
AVG AntiVirus Free
AVG AntiVirus Free is an excellent antivirus, the developers of which have made the main bet on protection against phishing. And this is very commendable. Despite the increase in computer literacy, more and more Internet users are becoming victims of phishing attacks. By installing AVG, you will most likely protect yourself from scammers.
However, both regular viruses and Trojans are successfully detected by the antivirus – the database is updated regularly. The only downside to AVG is the forced installation of the extension for the AVG SafePrice browser. If you are installing AVG, be sure to keep this in mind and remove the extension if necessary.
Panda Free Antivirus
Panda Free Antivirus is very different from most other antivirus programs. First of all, the interface. Here it is unusual but attractive and easy to use.
Panda has a built-in free VPN – a trifle, but nice. But the main thing, Panda has a special emergency mode. It is activated if the computer has been affected by viruses or by the user and has stopped turning on. In this case, the antivirus allows you to perform a recovery.
Avast Free Antivirus
Avast, one of the best free antivirus programs, is not going through the best of times. This is largely due to the fact that the antivirus has begun to request the transition to the paid version frequently and intrusively. Of course, not everyone likes it.
However, as an antivirus, Avast is still good and as easy to use as possible. The user only needs to give permission to conduct intelligent scanning once in a certain period of time and that’s it. Avast will then handle the rest itself, including automatically and quietly checking files for potential threats in real time. Another plus of Avast is a large number of additional features.