Double listing and blackmail by law: new methods of attacks in the third quarter of 2023

Lord777

Positive Technologies report on cybercrime trends.

In the third quarter of 2023, cybercriminals continued to target organizations and individuals for extortion. According to a study by Positive Technologies, attackers chose not to encrypt data and instead threatened to disclose it if the ransom was not paid. Experts also noted new, unusual social engineering methods and ransomware operator techniques.

Exploiting vulnerabilities remains one of the leading methods of attacking organizations (37% of all incidents). Attackers actively exploited flaws in popular IT solutions for criminal purposes. This highlights the importance of regular software updates and security.

In the third quarter, the share of attacks using malware remained at the level of the previous quarter and amounted to 45%. Throughout the quarter, ransomware operators demanded a ransom for non-disclosure of information, choosing not to encrypt systems in a number of attacks.

"Encryptors are still the most frequently used type of malware in attacks on organizations, but their share decreased by 6 percentage points compared to the previous quarter," said Positive Technologies. "In our opinion, the decline in the effectiveness of encryptors was influenced by the spread of decryptors, as well as the gradual transition of ransomware operators to blackmail by disclosing stolen information without encrypting compromised systems and data. In some cases, when an organization refuses to pay the ransom, attackers directly contact the victims (clients of the affected organizations), offering them the opportunity to pay for the deletion of their data. Another interesting trend was "double listing", when two ransomware groups claim an attack on the same organization at once, demanding a ransom."

The company also drew attention to the unique method used by the Ransomed.vc group. Positioning their malicious activity as a "penetration testing service", the attackers actively exploit the legal regime of the EU General Data Protection Regulation (GDPR): if the victim does not pay the required ransom, Ransomed.vc publishes the stolen information, which leads to a fine for the organization. The expert called this technique "blackmail in the law".

According to Positive Technologies, in the third quarter, the share of spyware use in attacks on individuals increased (65%). In successful attacks on organizations, the percentage of cases of spyware infection remains the same (20%). More than half of malware infections at organizations occurred via email (57%). The main method of distributing malware among individuals remained websites (49%), the share of which increased by 9 percentage points compared to the second quarter.

Social engineering remains the main threat for individuals (92%) and one of the main threats for organizations (37%). For phishing, the attackers continued to exploit the topics of employment, political events and quick earnings, including through cryptocurrencies, and also disguised themselves as delivery services.

Positive Technologies experts note that social engineering methods are constantly evolving. The attackers used sophisticated tactics to instill a false sense of security in the victim. Fraudsters used modular tools to create convincing phishing sites and correspondence, and also carried out multi-stage attacks: they achieved a criminal goal in several steps, combining various methods of deception. In a number of attacks, cybercriminals used compromised IT systems of companies to attack their customers and partners, as in the case of an attack on hotels listed on the Booking.com online platform. Positive Technologies predicts an increase in attacks using neural networks, which are gradually being added to attackers' arsenal.

Experts recommend staying vigilant on the web, not following suspicious links, and not downloading attachments from unverified sources. You should be suspicious of urgent demands or overly favorable offers.

Successful attacks most often resulted in data leaks (56% of successful attacks against organizations and 61% against individuals). Direct financial losses were the second most common consequence of attacks on individuals (35%). Core business disruption was again the second most frequent result of successful attacks on organizations (36%), but its share decreased by 8 percentage points compared to the second quarter due to the decline in the use of encryption in extortion. Nevertheless, experts recommend not discounting encryptor attacks, as they usually cause serious consequences, as in the case of an attack on government offices in Sri Lanka, which resulted in the loss of electronic correspondence for a little over three months.

To protect devices from infection, experts recommend using sandboxes that allow you to analyze the behavior of files in a virtual environment, detect malicious activity, and prevent damage to the company in time. To protect against encryption, we recommend that you do not neglect backups.
 