15 Jul 2021
Story image

Cyber incidents on the rise as ransomware accounts for two thirds of all malware attacks

By Shannon Williams

Ransomware accounts for two thirds of all malware attacks, according to a new report from Positive Technologies

Positive Technologies unveiled its Cybersecurity Threatscape Q1 2021 research report, which found cyber incidents continue to rise, ransomware accounts for nearly two-thirds of all malware attacks, and more cybercriminals are customising malware for attacks on virtual infrastructure.

The quarterly report shares information on relevant global cybersecurity threats, with data based on Positive Technologies expertise and investigations, as well as data from authoritative sources, produced for companies and citizens concerned with the state of information security. It looks at cyberattack key motives and methods, and highlights changing cyberthreat landscape trends.

According to the research, the number of attacks increased by 17% compared to Q1 2020, with 77% being targeted attacks, and incidents with individuals accounting for 12% of the total. 

Cybercriminals attacked government institutions, industrial companies, scientific organisations, and educational institutions the most. Their main targets are personal data and credentials, and attacks on organisations are also aimed at stealing commercial secrets.

The research shows that ransomware remains the most common malware. Its share, among other malware used in attacks on organisations, increased by seven percentage points compared to Q4 2020, now accounting for 63% of all malware. The report also finds Q1 saw several new pieces of ransomware emerge -- for example, Cring, Humble, and Vovalex. And WannaCry is reported to be running rampant again, which made a name for itself in 2017.

"Malware developers keep looking for new ways to bypass security tools," says Positive Technologies analyst, Yana Yurakova. 

"They are using unpopular programming languages to fly under the radar, as in the case of BazarBackdoor (a remote access tool), which was rewritten in Nim. The operators of Vovalex and RobbinHood (ransomware programs) chose uncommon languages such as D and Golang, respectively, from the get-go," she says.

"Some attackers upgrade their tools with features that erase traces of malicious activity."

The report also finds the ransom amounts demanded by ransomware operators continue to grow, and due to the fact that some companies refuse to pay, attackers come up with new extortion tactics for example, they threaten to report the attack and data theft to a victims customers, expecting that the customers will persuade the company to pay a ransom to prevent the disclosure of their personal data.

More and more cybercriminals are developing malware to conduct attacks on virtualisation environments, and some are aggressively trying to exploit vulnerabilities already found in software for deploying virtual infrastructure. The experts link this primarily to the global process of moving corporate IT infrastructure into a virtual environment.

Dmitry Serebryannikov, director of security analysis, Positive Technologies, says, "Attackers carefully monitor information about new vulnerabilities and try to find a use for these in their attacks as soon as possible. 

"In early 2021, Positive Technologies researchers helped eliminate several critical vulnerabilities in VMware products, including CVE-2021-21972 in vCenter Server, which allowed remote code execution," he says.

"After the vendor's security updates appeared in early February and the bulletin was published, Bad Packets researchers discovered multiple network scans conducted to find vulnerable hosts. We strongly recommend installing the security updates as soon as possible."

The research also finds the number of attacks targeting IT companies remains consistently high for the second quarter in a row. In 15% of cases during Q1 2021, hackers targeted IT companies to conduct an attack on their customers or to steal customer data. At the beginning of 2021, there were still reports in the media about new victims of the attack on SolarWinds.

Recent stories
More stories