Story image

Cyberattacks becoming increasingly targeted in nature, research finds

The number of unique cyber incidents have increase for third quarter of 2019, according to a new report on the cybersecurity threatscape from Positive Technologies. 

On top of the threat increases, the report found a large amount of activity by APT groups engaged in targeted attacks, and a two-to-one greater incidence of data theft in comparison to direct financial gain as an attack motive, were amongst the biggest trends for the quarter.

The report found targeted attacks continue to outnumber mass attacks. Targeted attacks accounted for 65% of the total in Q3, compared to 59% in Q2. The most common targets for attackers are governments, industry, finance, science, and education.

In Q3, the share of cyberattacks aimed at data theft grew to 61% of all attacks on organisations and 64% of all attacks on individuals (compared to 58% and 55%, respectively, in the second quarter). The share of attacks with direct financial motivation was 31%.

One out of five attacks was directed against individuals, the report found. Almost half (47%) of all data stolen from individuals consisted of credentials (usernames and passwords). In attacks on organisations, personal data made up 25% of all stolen information.

The research noted a reduction in cryptocurrency miner attacks, to just 3% of attacks against organisations and 2% of attacks against individuals. This may be due to the gradual transition by attackers to malware with multifunction capabilities, Leigh-Anne Galloway, cyber security resilience lead at Positive Technologies says. 

"One example is the Clipsa Trojan, which can stealthily mine cryptocurrency, steal passwords, tamper with addresses of cryptocurrency wallets, and launch brute-force attacks against WordPress sites," she explains.

Galloway says social engineering remains as popular as ever among attackers, and actually almost doubled in use between Q2 and Q3 - from 37% to 69%.

"Cybercriminals steal millions by forging messages and sending phishing emails. They present themselves as belonging to a trusted company and send an invoice with their own bank account number. This has generated some major returns for criminals targeting large organisations," she says.

"For example, Cabarrus County, North Carolina received an email stating that the account number of the county's construction contractor had changed and - not realising that the message was a fake - the county transferred $2.5 million to an account belonging to cybercriminals instead of the contractor," says Galloway.

Galloway says malware infections are increasing as well. 

Three quarters of attacks on organisations, and almost two thirds of attacks on individuals, involved malware infections. 

"While infection of corporate infrastructure usually starts with a phishing email, infection of individuals tends to involve compromised websites, as was the case in 35% of attacks on individuals," she explains.

During the quarter, the PT Expert Security Center (PT ESC) regularly detected attacks by APT group TA505. The group's arsenal includes Dridex (a banking Trojan), Cryptomix (ransomware signed with certificates issued to dummy legal entities), ServHelper and FlawedAmmyy (remote administration Trojans), as well as Upxxec (a plugin able to detect and disable a large range of antivirus software). The PT ESC also detected attacks by APT groups such as RTM, Cobalt, Bronze Union, APT-C-35, KONNI, and Gamaredon.

Positive Technologies also found in late summer that Emotet, one of the world's largest botnets, resumed operations after a lull of several months. The botnet's operators offer malware as a service (MaaS): by providing access to Emotet-infected computers, they enable other cybercriminals to infect victims with yet more malware, such as Trickbot and Ryuk. 

The company says the majority of cyberattacks are not made public due to the reputational risks they present. 

"Our experts regularly publish their own statistics and research in order to draw the attention of companies and ordinary individuals who care about the state of information security to the key motives and methods of cyberattacks, as well as to highlight the main trends in the changing cyberthreat landscape," adds Galloway.