In the second half of 2020, G DATA specialists registered 85 percent more attacks than in the first six months of the year. The Emotet network was responsible for most of the attacks, and in its wake we can expect new malware to emerge.
The coronavirus epidemic was bad for IT security. G DATA expert Tim Berghoff is of the opinion that many of last year's cyber attacks succeeded because companies rushed into home-office working. Companies that did not provide secure remote access to their network, and whose employees started working from their own, out-of-date devices, were more likely to fall victim. 76 new malware variants appeared every minute in 2020, with an average of 45,000 new computer viruses threatening IT systems in Germany every day.
Emotet was a real Swiss Army knife
Last year, the recently shut-down Emotet was the number one weapon of cybercriminals. G DATA experts discovered nearly 900,000 new variants, an extraordinary increase from 70,000 in 2019. The malware first appeared in 2014, when it was deployed only as a banking trojan and used to steal credentials. Later improvements, however, made it suitable for spreading spam and for delivering ransomware and other malware such as Trickbot and Ryuk. The botnet could be rented and used by anyone through underground channels, but a comprehensive Europol operation has deactivated its infrastructure.
Top 10 malware of 2020
New claimants to the throne
Last year's second most common malware, Qbot, uses the trick of joining an ongoing email chain by sending a fake reply. If someone exchanges 2-3 emails with a correspondent and then receives another message that appears to belong to that conversation, they will be less suspicious. However, the attachment of the fake email contains the malware, or a link in it leads to an infected website. Qbot was originally a banking trojan, but in the meantime it has also evolved into a multi-purpose attack tool.
Security flaws in applications and operating systems are the starting point for many successful attacks. Two of these cases stood out last year: Shitrix and Sunburst.
Shitrix is one of the most dangerous vulnerabilities discovered in recent years; it allows arbitrary code to be run remotely on Citrix ADC. In Germany, more than 5,000 companies were at risk, including critical infrastructure operators such as hospitals, energy providers and public authorities.
Finally, at the end of last year, a number of government agencies and private companies discovered that they had been the victims of an attack. The malware arrived through SolarWinds network management software, one of whose updates had been infected by cybercriminals.