The current threat analysis by G DATA CyberDefense shows that the number of attacks prevented in March 2020 has increased significantly. The cyber defence company averted almost a third more attacks than in February.
Cyber criminals are quick to sense any opportunity to exploit people’s insecurity. They are using well-known and very effective attack vectors to do so, deploying ransomware and encrypting data to demand ransom money. Users should exercise extreme caution if they find an email in their mailbox promising new coronavirus trackers or cheap protective masks, for example”.
The G DATA CyberDefense threat analysis shows that the number of infections prevented in March 2020 increased by about 30 percent compared to the previous month. And the increase among private users was even higher – the number of averted attacks rose by 46 percent. This enormous growth is also related to the fact that people are spending more time at home and are using private devices online more often, for instance to check the latest news or to order goods in online shops. Private computers are often less well secured than computers in corporate networks.
Cyber criminals are using various ways to exploit the current uncertainty caused by the coronavirus crisis. For example, they are luring people to fake websites or apps relating to coronavirus; these then can install ransomware and lock up the computer. Alternatively, the fraudsters create fake coronavirus emergency assistance websites or apps in order to access personal data such as bank account details and use them for their own fraudulent purposes.
The scattergun approach has had its day
A closer look at the data in our analysis shows that the criminals’ attack methods and tricks have become established. A large proportion of the malware has been in use for several years, but it can still carry out its destructive work because criminals use packers to make it unrecognisable. However, the attackers’ targets have shifted – away from private customers to companies. At the same time, they choose their victims carefully in order to maximise their profits.
Companies have therefore become an attractive target for criminals, especially in the current coronavirus pandemic. Since many companies are currently struggling with economic difficulties, the risk of suffering huge financial damage in the event of a ransomware attack rises significantly. After all, it is precisely now that ransom demands have the potential to drive a company to ruin. On top of that, the switch to the home office has increased the complexity of networks in many companies. However, security has not grown to the same extent, especially where the terminal server or sharepoint is freely available on the Internet to ensure business continuity.
The age of large-scale attacks like Wannacry or NotPetya seems to be a thing of the past. Just how devious cyber criminals can be is demonstrated by the attacks by Emotet, the attackers’ all-purpose weapon. Recently, not only companies but even public authorities have fallen victim to an Emotet attack. Public administrations not only have valuable –data – usually personal data of citizens – but often also have outdated and poorly secured networks as well. This makes life easy for the attackers.