ESET, a leader in information security, presents a ranking of the most common cyber threats in 2021. In particular, according to ESET telemetry, ransomware tactics have become more aggressive, and the number of password-guessing attacks and phishing emails has increased.
In addition, ESET found DevilsTongue spyware targeting activists and journalists, as well as new activity by Gamaredon and APT Dukes in Europe. The latter has spread phishing messages to diplomats, think tanks, and international organizations in at least 12 countries.
Ransomware has often made headlines in recent times, attacking critical infrastructure and large IT vendors. The level of detection of this malware remained stable, with several periods of significant growth.
In particular, in the last 4 months, three main waves of ransomware distribution have been recorded. These included an attack that shut down Colonial Pipeline, the largest pipeline company in the United States, and a supply-chain attack that used a vulnerability in the Kaseya VSA software.
In both cases, the attackers were after financial gain, not cyber espionage. In particular, the cybercriminals who attacked Kaseya demanded a ransom of $70 million, which is the highest known to date.
Ransomware tactics have become more aggressive. This led to the involvement of law enforcement agencies, which in turn exposed several groups. However, the same cannot be said of TrickBot, whose number of detected samples has doubled since last year's takedown operation.
Information-stealing threats
The number of such threats increased by 15.7%. Such growth is quite predictable because, in the age of the Internet, information is a commodity that attackers can easily monetize. The 10 most common threats in this category were spyware, which took the first 6 places in the list, and backdoors, which took the next 4 places.
Although banking malware is not in the top ten most common this time, the number of detected samples of this type has also increased.
Threats that spread through e-mail
The number of malicious e-mails also increased during the analyzed period. Most of them were phishing and fraudulent messages. E-mail threats peaked in the second half of August 2021, with the most common threat being the DOC/Fraud Trojan. This threat was mainly spread through e-mails in which fraudsters blackmailed recipients with videos of adult content.
The Microsoft brand was the one most often used in phishing emails. Attackers also often impersonated the DocuSign electronic signature service and the WeTransfer file sharing service, stating in the message that they were sending documents to the recipient for download.
Fake payment requests continued to be the most common topic in malicious emails, followed by counterfeit banking communications and messages about delivery of goods.
At the same time, the topic of COVID-19 was also used in spam emails, and fraudsters pretended to be government agencies and health care organizations to force recipients to share confidential information.
Threats to macOS and iOS
In 2021 the level of threat detection for macOS increased by almost 10%. This is due to an increase in the number of detected Trojans by almost half compared to the previous period. Their activity even outpaced the potentially unwanted applications (PUAs) that previously predominated among the threats to macOS.
The largest number of detected samples belonged to OSX/Mackeeper, a PUA that displays unwanted advertising. It is worth noting that it has topped the ranking of threats to macOS for the second year in a row.
Threats to Android
The activity of such threats increased by almost 33% due to the growing proliferation of spyware, adware, and banking malware. In particular, the activity of the latter type has continued to grow since the beginning of the year, increasing by almost half between May and August.
In addition, the activity of malicious cyberstalking applications (stalkerware) has increased. During the analysis of 86 programs with such functionality, ESET specialists found numerous vulnerabilities that could endanger not only the data of the victims but also that of those doing the spying.