Truemag

  • Subscribe
    • New Subscription
    • Account Updates
    • Customer Service
  • News & Events
    • News
    • Events
  • Advertise
    • Media Kit
    • Reprints
    • Contacts
  • Editorial
    • Podcasts
    • Current Articles
    • Digital Editions
    • eNewsletter
    • Editor’s Desk
    • Edit Calendar
    • Contacts
  • Buyers Guide
    • Search
    • Sponsor Index
    • Vendor Update
  • Annual Software Ranking
    • Ranking Form
    • Annual Software Ranking
    • 2018 Software Ranking File Package

Online Extortion, Data Theft Gain Traction Among Cyber Criminals

03.30.2021

Data-stealing ransomware attacks, information harvesting malware, and supply chain attacks are among the critical threats to organizations highlighted in an attack landscape update published today by cyber security provider F-Secure.

One of the most notable trends highlighted in the update is the evolution of ransomware – attacks that extort organizations by preventing them from accessing their data. 2020 saw an explosion of ransomware that also steals data, giving the attackers more leverage over their victims. If organizations first refuse to pay a ransom to decrypt their data, attackers threaten to leak the stolen information, increasing pressure on victims to pay.

This evolution, referred to as Ransomware 2.0 in the report, was a significant development in 2020. Only one ransomware group was observed using this type of extortion in 2019. By the end of 2020, 15 different ransomware families had adopted this approach. Furthermore, nearly 40% of ransomware families discovered in 2020, as well as several older families, were known to also steal data from victims by the end of last year.

“Organizations with reliable backups and effective restoration procedures are in a strong position to recover from a ransomware attack without having to pay. However, managing a potential data leak is a dramatically different challenge, especially for organizations that possess confidential information,” explained Calvin Gan, a Senior Manager with F-Secure’s Tactical Defense Unit. “Ransomware actors, current and future, will likely feel emboldened to try new things and jump on vulnerabilities faster, which we’re already seeing with the recent MS Exchange vulnerabilities.”

Based on developments in the latter half of 2020, the report highlights several other significant cyber security trends, including:

Attackers’ use of Excel formulas – a default feature that cannot be blocked – to obfuscate malicious code tripled in the second half of 2020.

Outlook was the most popular brand spoofed in phishing emails, followed by Facebook Inc. and Office365.

Nearly three-quarters of domains used to host phishing pages were web hosting services.
Email accounted for over half of all malware infection attempts in 2020, making it the most common method of spreading malware in cyber attacks.
Malware that automatically collects data and information from victims (infostealers) continues to be a threat; the two most prevalent malware families in the latter half of 2020 were both infostealers (Lokibot and Formbook).

61% of vulnerabilities found in corporate networks were disclosed on or before 2016, making them at least 5 years old.

Additionally, in a retrospective look at the notable supply chain attacks from the last 10 years, the report highlights that over half of them targeted either utility or application software and expresses hope that last year’s SolarWinds hack draws greater attention to the impact these attacks can have.

“In security, we place a lot of emphasis on organizations protecting themselves by having strong security perimeters, detection mechanisms to quickly identify breaches, and response plans and capabilities to contain intrusions. However, entities across industries and borders also need to work together to tackle security challenges further up the supply chain. Advanced persistent threat groups are clearly ready and willing to compromise hundreds of organizations through this approach, and we should work together to counter them,” said Gan.

The full report, Attack landscape update: Ransomware 2.0, automated recon, supply chain attacks, and other trending threats, is now available at https://blog.f-secure.com/attack-landscape-update-h1-2021/.

f-secure.com

Mar 30, 2011Cassie Balentine
Prismatic Launches Embedded Integration Platform for B2B Software CompaniesDenodo Launches New Data Integration Solution in the Cloud
Product Centrics
TrueNAS Open Source Storage Platform brings Full Windows ACL Support to Linux

Fully featured Windows file system ACLs are well supported in TrueNAS 12.0 (CORE and Enterprise), but not generally supported by Linux. Thanks to some innovation, and sweat from the iXsystems engineering team, TrueNAS SCALE 21.08...

Driving Successful Digital Transformation Initiatives in 2022

Well, the end of the year is the perfect time to reflect on all the past year's activities and plan for the coming year. As we plan for 2022, one thing...

Recovery Platforms

Established in 2013, Imanis Data, previously Talena...

Data Driven Efficiency

Founded in 2003, Tableau is a public software company...

Updated Hitachi CRM

Building Product Manufacturers (BPM) require...

Quick Links
Untitled Document
SW500 SW500 SW500 SW500 SW500
2022 © Rockport Custom Publishing, LLC