Report highlights how cybercriminals have shifted tactics in response to pandemic-induced changes to working practices
- Published: Wednesday, 17 February 2021 10:38
Malwarebytes has announced the findings of its annual ‘State of Malware’ report. This highlights how cybercriminals ditched many of their old tactics in response to the global pandemic forcing many employees to quickly become a remote workforce. Cybercriminals placed a new emphasis on gathering intelligence, and exploiting and preying upon fears with targeted and sophisticated attacks. As a result, the State of Malware Report found a notable shift in the devices targeted and strategies deployed by cybercriminals.
2020 saw several high-profile cyber security incidents including: Marriott’s breach with 5.2 million impacted guests; high-profile account hacks on Twitter, which included former President Barack Obama, Jeff Bezos, and Elon Musk; and the far-reaching impacts of the nation-state attack on FireEye and SolarWinds executed through the supply chain. These attacks underscore just how vulnerable even the most secure organizations or individuals are when targeted by determined and skilled cybercriminals.
“This past year has taught us that cybercriminals are increasingly formidable, planning long-term, strategic, and focused attacks that are sometimes years in the making. 2020 continued to show us that no company is immune, and there is no such thing as ‘safe enough,’” said Marcin Kleczynski, CEO of Malwarebytes. “The COVID-19 pandemic compounded this with new challenges in securing remote workforces, making it essential that we quickly become more adaptable and learn how to better protect workers in any environment. While our total detections are down this year, we must remain vigilant. The threats we are seeing are more refined and damaging than ever before.”
Despite an overall drop in detections for Macs and Windows in 2020, it’s clear that the COVID-19 pandemic influenced the cybercrime world so much that many anticipated campaigns either never arrived, arrived with less impact, or were replaced entirely with attacks better suited to targeting users during a pandemic.
In 2020, Malwarebytes observed an overall decline of 24 percent in Windows detections across businesses and an 11 percent decline for consumers. Overall, there was a 12 percent decline in Windows detections across the board, regardless of whether they’re business or consumer users. The dramatic drop in business detections between 2019 and 2020 is most likely due to many employees no longer working in offices in 2020. However, Mac detections for businesses surprisingly jumped 31 percent year-over-year.
Mac detections in 2020 fell from the all-time high previously reported for 2019, with overall detections decreasing by more than 37 percent. While the number of business detections was up 31 percent, consumer Mac detections were down 40 percent.
PCs weren’t the only devices to experience a shift in malicious activity. Climbing the detection charts in 2020 was an Android malware called FakeAdsBlock, which produces an alarming number of non-stop ads, accounting for 80,654 detections. HiddenAds was found to be the most prevalent mobile adware application. This Trojan, which aggressively assaults users with ads, racked up 704,418 detections, an increase of nearly 150 percent year-over-year.
Additional key findings from the report include:
- Although Windows detections for businesses decreased, detections for hacktools and spyware tools meant to compromise security and/or collect information on the victim increased dramatically – by 147 percent and 24 percent, respectively.
- Overall, Potentially Unwanted Programs (PUPs) represented more than 76 percent of threat detections for Macs, while adware represented about 22 percent. Meanwhile, malware accounted for only 1.5 percent.
- When comparing organizational size and Mac threat detections, medium to large businesses experienced mostly adware, which accounted for almost two-thirds of detections, while small businesses experienced primarily PUPs, clocking in at almost 95 percent of all detections.
- Among the top five threats for both businesses and consumers were the Microsoft Office software cracker KMS, the banking malware Dridex, and the cryptocurrency mining BitCoinMiner.
- Detections for the most notorious business threats Emotet and Trickbot fell by 89 percent and 69 percent, respectively, though the operators behind these threats pulled off several notable attacks in 2020.
- A banking trojan called Bankbot, which steals payment information using fake login screens, saw a huge spike, amassing a 3,841 percent surge in Android detections.
- Ransomware became more targeted in 2020. Despite not hitting the higher detection numbers, attackers made more money demanding payment for not posting stolen data than they did from victims who paid the ransom just to decrypt their files. This was true for the ransomware family REvil, or Sodinokibi, which claimed to net $100 million, much of which came from extortion threats.
- Government-funded program pushes pre-installed mobile malware: Malwarebytes twice uncovered pre-installed malware on phones provided by Assurance Wireless through the US government-funded Lifeline Assistance program. Pre-installed malware is one of the thorniest challenges for customer support workers and customers themselves, as this type of malware ships on new mobile devices and most of it cannot be removed.
- Taking aim at industry: the agriculture industry suffered through a 607 percent increase in threat detections, while detections for the food and beverage industry increased by 67 percent. More traditional targets all dropped in detections by varying degrees – education fell 17 percent, healthcare dropped 22 percent, and automotive declined by 18 percent.