Announcement of 09. September 2021

G DATA threat report: Attacks without malware on the increase

Cyber criminals continue to concentrate on attacking companies

The current threat report from G DATA CyberDefense shows a significant decline in the number of averted attacks in the first half of 2021 compared to the same period last year. The reason for this is that malware is no longer the only method used for attacks. The threat level facing businesses remains high.

The number of averted cyber attacks has fallen by more than 40 percent compared to the first half of 2020. This is documented in the latest threat report from G DATA for the first half of 2021 compared to the same period last year. The sharp decline also reflects the extremely high numbers in 2020. In the second quarter of 2020 especially, cyber criminals were concentrating on exploiting people's uncertainty that resulted from the effects of the pandemic. This led to a massive increase in averted attacks during that period (up 156 percent). The decrease from the first to the second quarter of 2021 is 15.6 percent. However, the current figures also confirm the growing trend for businesses to be the focus of attacks. While the number of averted attacks on private customers has fallen by almost 20 percent, the decline in the corporate environment is only around three percent.

The era of large-scale attacks is over. Cyber criminals are increasingly targeting companies in their attacks. We think that a lot have yet to notice that they fell victim to cyber attacks following the often hasty move to working from home last year.

Tim Berghoff

Security Evangelist at G DATA CyberDefense

Targeted approach

Cyber criminals continue to exploit existing vulnerabilities for targeted attacks. In the first six months of the year especially, various criminal groups actively exploited a number of major security vulnerabilities in Microsoft Exchange servers and infiltrated corporate networks.

Another example of cyber criminal activity is what is known as the AMSI bypass. Attackers repeatedly try to bypass the Antimalware Scan Interface (AMSI) developed by Microsoft. Security solutions use AMSI to scan applications for malicious activity. However, malware authors try to use automated tools to switch off this interface or find a way around it - especially when using fileless malware.

Malware Top 10: Remote Access Trojans form the majority

QBot continues to be not only one of the most active malware programs, but also one of the most dangerous. This successor to Emotet was used in the majority of the latest attacks during the first half of the year. Originally a banking Trojan, the malware has been gradually developed by the attackers into an all-purpose weapon for cyber criminals. Numerous Remote Access Trojans (RATs) continue to be active. Seven of the ten most active malware programs belong to this group. RATs enable remote control and administrative monitoring of a third-party computer without the user noticing. Among other things, attackers can view the victim's desktop, log keystrokes, access the camera, steal the login information stored in browsers, or upload and download files.

Position   Name        Type
1 (3)      QBot        Remote Access Trojan
2 (2)      njRAT       Remote Access Trojan
3 (1)      Trickbot    Malware Distributor
4 (-)      XRedRAT     Remote Access Trojan
5 (5)      RemcosRAT   Remote Access Trojan
6 (-)      Dridex      Information Stealer
7 (-)      Tofsee      Remote Access Trojan
8 (-)      NanoCore    Remote Access Trojan
9 (-)      Musecador   Trojans
10 (10)    AMRat       Remote Access Trojan

Malware-as-a-Service: Gootloader

A look at the current wave of attacks from the Gootkit malware family illustrates just how devious cyber criminals have been in developing their attack efforts. The malware authors have developed Gootloader in such a way that it can download and install various other malware. In the process, the attackers push their own pages up the search results using search engine poisoning. These look like legitimate pages, so that even technically savvy users fall victim to such deception.

Despite the falling numbers, we still cannot breathe easy. Rather, companies should do their homework and secure their IT. Technical measures are important, but it is just as important to train staff in dealing with dangers - because today’s risks consist of far more than just malware.

Tim Berghoff

Security Evangelist at G DATA CyberDefense
