
Cyber threats reports

by Mark Rowe

The world, and businesses, adjusted amidst pandemic restrictions and sustained remote work challenges, while security threats continued to evolve in complexity and increase in volume, says Raj Samani, McAfee fellow and chief scientist at the cyber security firm. The company has released its Threats Report: April 2021, on cybercriminal activity in malware such as ransomware (typically the Cryptodefense, REvil, Thanos, Ryuk, RansomeXX and Maze groups) and the evolution of cyber threats in the third and fourth quarters of 2020.

Samani, pictured, says: “Though a large percentage of employees grew more proficient and productive in working remotely, enterprises endured more opportunistic COVID-19 related campaigns among a new cast of bad-actor schemes. Furthermore, ransomware and malware targeting vulnerabilities in work-related apps and processes were active and remain dangerous threats capable of taking over networks and data, while costing millions in assets and recovery costs.”

Cybercriminals worked feverishly to launch COVID-19-themed attacks on a workforce coping with pandemic restrictions and the potential vulnerabilities of remote device and bandwidth security, the cyber firm says. As the pandemic began to surge, McAfee saw a 605pc increase in such attacks in the second quarter of 2020. These attacks again increased by 240pc in the third quarter and 114pc in the fourth. The cyber company observed nearly 3.1 million external attacks on cloud user accounts. This figure is based on the aggregation and anonymisation of cloud usage data from more than 30 million McAfee MVISION cloud users during the fourth quarter of 2020.

The top MITRE ATT&CK techniques observed by the firm in the last half of 2020 included System Information Discovery, Obfuscated Files or Information, File and Directory Discovery, Data Encryption for Impact, Stop Services, Process Injection, Process Discovery, Masquerading Techniques, and Exploits of Public Facing Applications. System Information Discovery was one of the more notable MITRE techniques in the campaigns, McAfee says. The malware in these campaigns contained functionality that gathered the OS version, hardware configuration and hostname from a victim’s machine and communicated back to the threat actor.

For more from the report visit https://www.mcafee.com/.

Meanwhile FireEye has brought out its Mandiant 2021 report. The US firm has observed a reduction in global median dwell time (defined as the duration between the start of a cyber intrusion and when it is identified). This measure went from over one year in 2011 to just 24 days in 2020. That means intrusions were identified more than twice as quickly as in last year's report, which gave a median dwell time of 56 days. Mandiant puts this down to improved organizational detection and response, and a surge of multifaceted extortion and ransomware intrusions.

Jurgen Kutscher, Executive Vice President, Service Delivery, Mandiant says: “While organizations continue to improve their ability to discover compromises within their environments, containing adversaries today comes with unique challenges. The consequences of a global pandemic forced companies to rethink how they operate and move to a remote workforce. This change resulted in VPN infrastructure, video conferencing, collaboration and knowledge sharing platforms becoming business-critical systems and changing the attack surface of organizations. In many cases, regular employees became responsible for connectivity and cybersecurity. While Business and Professional Services has been in the top five most targeted industries since 2016, we believe the sudden boost in business services necessary for remote working has made this industry the most targeted in 2020 by cybercriminals and state-sponsored threat actors.”

Visit https://www.fireeye.com/mtrends.


© 2024 Professional Security Magazine. All rights reserved.
