The expanding attack surface of hybrid workers and students, inside and outside the traditional network, continues to be targeted. Timely collaboration and partnerships among law enforcement and the public and private sectors present a significant opportunity to disrupt the cybercrime ecosystem as we enter the second half of 2021. A detailed view of the report and some key findings are on the blog; the highlights of the report, which is based on data from the first half of 2021, are below:
1) Ransomware Costs More Than Money
Published data shows that average weekly ransomware activity in June 2021 was more than ten times higher than a year earlier. The data also reveals a consistent and steady increase over the course of the year. The attacks have rendered the supply chains of many organizations inoperable, particularly in critical industries, and have impacted daily life, productivity and commerce more than ever before. The most targeted companies are in the telecommunications sector, followed by the public sector, managed security service providers, automotive and manufacturing. In addition, some ransomware operators have begun to build their strategy around obtaining and selling initial access to corporate networks rather than around infected files sent by email. This shift shows that the Ransomware-as-a-Service (RaaS) offerings that empower cybercrime continue to evolve. Ransomware remains a real threat to all companies, regardless of industry or size. Companies need to take a proactive approach that combines zero-trust access, network segmentation and encryption with real-time endpoint protection, detection and automated response solutions to secure their environments.
2) One in Four Companies Detected Malware
3) Botnet Trends Show Attackers Heading to the Edge
The prevalence of detected botnets shows that botnet activity is increasing. At the beginning of the year, 35 percent of companies detected botnet activity; six months later, the figure was 51 percent. Behind the overall increase in botnet activity in June is a massive increase in TrickBot's activity. TrickBot initially emerged on the cybercrime scene as a banking trojan but has since evolved into a complex, multi-stage toolkit that supports many illegal activities. Mirai, the most common botnet overall, surpassed Gh0st in early 2020 and reigned until 2021. Over time, new features that empower cyber attackers continued to be added to Mirai. Cybercriminals trying to take advantage of Internet of Things (IoT) devices used by people who work or study from home may account for part of Mirai's dominance. Gh0st, a remote access botnet that allows attackers to take full control of the infected system, record live webcam images and microphone audio, or download files, is also noticeably active. More than a year after the shift to remote work and learning, cyber attackers continue to target users' daily habits to take advantage of opportunities. To protect networks and applications, companies need zero-trust access approaches that grant only minimal access to IoT endpoints and devices entering the network.
4) Preventing Cybercrime Keeps Threat Volumes Down
Not every action has an immediate or lasting impact on cybersecurity, but some events in 2021 were positive developments, especially for defenders. TrickBot's original developer was prosecuted on multiple charges in June. In addition, the coordinated takedown of Emotet, one of the most efficient malware operations in recent history, and the steps taken to disrupt the Egregor, NetWalker and Cl0p ransomware operations show the success of the teams fighting cyber attackers, including governments around the world and law enforcement working to thwart cybercrime. Additionally, the impact of some operations has caused many ransomware operators to halt their activity. The data showed that threat activity decreased after the Emotet takedown. After the Emotet botnet went offline, the TrickBot and Ryuk variants remained active but dwindled in volume. While it is difficult to immediately eliminate cyber threats or the supply chains of cyber attackers, these operations have been a tremendous success.
5) Cybercriminals Prefer Defense Evasion and Privilege Escalation Techniques
Examining the broader threat intelligence reveals valuable insights into how attack techniques are currently evolving. The research analyzed the malware-specific functionality identified in samples to observe what the cyber attackers were aiming for. The result is a list of the harmful things the malware could have done had the files used in the attack been run in the target environments. This list shows that cyber attackers are trying to escalate their privileges, evade defenses, move laterally between internal systems and exfiltrate compromised data, among other techniques. For example, hooking was used in 55 percent of the observed privilege escalation cases, and process injection in 40 percent. This data highlights a strong focus on defense evasion and privilege escalation. While these techniques are not new, teams defending systems can be better prepared for future attacks with this updated knowledge. Integrated, AI-powered platform approaches driven by actionable threat intelligence are needed to defend at all edges and to identify and remediate, in real time, the evolving threats companies face today.
Partnerships, Education, AI-Powered Prevention, Detection and Response Technologies Vital
While the government and law enforcement have taken measures regarding cybercrime in the past, the first half of 2021 may be a time of change. Industry vendors are working with threat intelligence companies and other global partner organizations to combine resources and real-time threat intelligence to take direct action against cyber-attackers. Automated threat detection and artificial intelligence remain essential to enable companies to address attacks in real time and mitigate attacks at all edges quickly and at scale. In addition, cybersecurity user awareness training is more important than ever for anyone who is the target of cyber attacks. Everyone needs regular training on best practices to keep employees and the organization safe.
Derek Manky, Head of Security Approaches and Global Threat Partnership at FortiGuard Labs, said:
“We are seeing an increase in effective and devastating cyberattacks affecting thousands of organizations, marking an important turning point in the battle against cybercrime. Now, more than ever, everyone has a role to play in strengthening cyber attack prevention processes. Collaboration must be prioritized to disrupt the supply chains of cybercriminals. Shared data and partnerships can enable more effective responses to emerge and better anticipate future techniques to frustrate attackers’ efforts. In addition to delivering cybersecurity awareness training without interruption, AI-powered prevention, detection and response technologies integrated across endpoints, networks and the cloud are vital to countering cyber attackers.”