Attack landscape update: Ransomware 2.0, automated recon, and supply chain attacks
Data-stealing ransomware attacks, information harvesting malware, and supply chain attacks are some of the critical threats facing organizations highlighted in F-Secure’s latest attack landscape update.
According to the report, a new type of extortion researchers have dubbed Ransomware 2.0 has grown significantly since its first appearance in late 2019. While the COVID pandemic brought many businesses to a halt in 2020, increasing numbers of ransomware families began stealing data and threatening to leak it in addition to encrypting it during their attacks. Nearly 40% of ransomware families discovered in 2020, as well as several older families, demonstrated data exfiltration capabilities by the end of last year.
The reason ransomware operators steal data before they encrypt it is so that they can threaten to leak it in order to exert more pressure on victims to pay ransoms. The Maze ransomware group was the first to do this in late 2019. But by the end of 2020, this approach was being used by 15 different ransomware families.
Other trends discussed in the report include:
- Attackers’ use of Excel formulas – a default feature that cannot be blocked – to obfuscate malicious code tripled in the second half of 2020.
- Outlook was the most popular brand spoofed in phishing emails, followed by Facebook Inc. and Office365.
- Nearly three-quarters of domains used to host phishing pages were web hosting services.
- Email accounted for over half of all malware infection attempts in 2020, making it the most common method of spreading malware in cyber attacks.
- Malware that automatically collects data and information from victims (infostealers) continues to be a threat; the two most prevalent malware families in the latter half of 2020 were both infostealers (Lokibot and Formbook).
- 61% of vulnerabilities found in corporate networks were disclosed on or before 2016, making them at least 5 years old.
Full details on these and other trends are available in the report.Get the report