Nearly 40% of new ransomware families discovered in 2020 use both data encryption and data theft in attacks
Data-stealing ransomware attacks, information harvesting malware, and supply chain attacks are among the critical threats to organizations, according to F-Secure’s study.
One of the most notable trends highlighted in the update is the evolution of ransomware – attacks that extort organizations by preventing them from accessing their data. 2020 saw an explosion of ransomware that also steals data, giving the attackers more leverage over their victims. If organizations first refuse to pay a ransom to decrypt their data, attackers threaten to leak the stolen information, increasing pressure on victims to pay.
This evolution, referred to as Ransomware 2.0 in the report, was a significant development in 2020. Only one ransomware group was observed using this type of extortion in 2019. By the end of 2020, 15 different ransomware families had adopted this approach. Furthermore, nearly 40% of ransomware families discovered in 2020, as well as several older families, were known to also steal data from victims by the end of last year.
“Organizations with reliable backups and effective restoration procedures are in a strong position to recover from a ransomware attack without having to pay. However, managing a potential data leak is a dramatically different challenge, especially for organizations that possess confidential information,” explained Calvin Gan, a Senior Manager with F-Secure’s Tactical Defense Unit. “Ransomware actors, current and future, will likely feel emboldened to try new things and jump on vulnerabilities faster, which we’re already seeing with the recent MS Exchange vulnerabilities.”
Based on developments in the latter half of 2020, the report highlights several other significant cyber security trends, including:
- Attackers’ use of Excel formulas – a default feature that cannot be blocked – to obfuscate malicious code tripled in the second half of 2020.
- Outlook was the most popular brand spoofed in phishing emails, followed by Facebook Inc. and Office365.
- Nearly three-quarters of domains used to host phishing pages were web hosting services.
- Email accounted for over half of all malware infection attempts in 2020, making it the most common method of spreading malware in cyber attacks.
- Malware that automatically collects data and information from victims (infostealers) continues to be a threat; the two most prevalent malware families in the latter half of 2020 were both infostealers (Lokibot and Formbook).
- 61% of vulnerabilities found in corporate networks were disclosed on or before 2016, making them at least 5 years old.
Additionally, in a retrospective look at the notable supply chain attacks from the last 10 years, the report highlights that over half of them targeted either utility or application software and expresses hope that last year’s SolarWinds hack draws greater attention to the impact these attacks can have.
“In security, we place a lot of emphasis on organizations protecting themselves by having strong security perimeters, detection mechanisms to quickly identify breaches, and response plans and capabilities to contain intrusions. However, entities across industries and borders also need to work together to tackle security challenges further up the supply chain. Advanced persistent threat groups are clearly ready and willing to compromise hundreds of organizations through this approach, and we should work together to counter them,” said Gan.