Deep research into the Q2 2021 cybersecurity threatscape shows an evolution in attack strategies and a rise in malware created to target Unix systems
Ransomware attacks have reached ‘stratospheric’ levels, now accounting for 69% of all attacks involving malware, according to Positive Technologies’ Cybersecurity Threatscape: Q2, 2021. The research also reveals that the volume of attacks on governmental institutions in particular soared from 12% in Q1 2021 to 20% in Q2. During the quarter, the company’s Expert Security Center (PT ESC), which focuses on threat intelligence, discovered the emergence of B-JDUN, a new RAT used in attacks on energy companies, and Tomiris, new malware that comes with functions for gaining persistence and can send encrypted information about the workstation to an attacker-controlled server.
The research found only a minor rise, 0.3%, in overall attacks from the previous quarter. This slowdown was to be expected as companies took greater measures to secure the network perimeter and remote access systems during a global pandemic and the growth of a dispersed workforce. However, the rise in ransomware attacks in particular—a 45% jump in the month of April alone—should cause grave concern.
On a related note, Positive Technologies identified a ban by Dark Web forums on the publication of posts regarding ransomware operators' partner programs. This indicates that in the near future, these ‘partners’ may no longer have a distinct role—ransomware operators themselves could take over the task of assembling and supervising teams of distributors.
The researchers also note a growing pattern of malware specifically designed to penetrate Unix systems. “We've got used to the idea that attackers distributing malware pose a danger to Windows-based systems,” said Yana Yurakova, Information Security Analyst, Positive Technologies. “Now we see a stronger trend of malware for attacks on Unix systems, virtualization tools, and orchestrators. More and more companies, including larger corporations, now use Unix-based software, and that’s why attackers are turning their attention to these systems.”
Among other findings:
- 69% of all malware attacks targeting organizations involved ransomware distributors, a 30% jump over the same quarter in 2020
- There’s been a noticeable change in the landscape for the retail industry—a sharp decrease in attacks with ‘web skimmers,’ accompanied by a rise in interest among ransomware distributors. Ransomware attacks on retailers accounted for 95% of all attacks using malware. This is likely because previous attacks in this industry mostly targeted data—payment details, personal information, credentials, etc. Now, they pursue financial gains more directly through ransoms
- The volume of social engineering attacks targeting retail also increased from 36% in Q1 2021 to 53% in Q2