Cyber crooks eye more lucrative targets 

Staff Writer
By Staff Writer, ITWeb
Johannesburg, 25 Jun 2021

The first quarter of 2021 saw the volume of new malware threats average 688 threats per minute, an increase of 40 threats per minute over Q4 2020.

In addition, there was a 51% decrease in ransomware as bad actors shifted from low-return, mass-spread ransomware campaigns toward fewer, customired Ransomware-as-a-service (RaaS) campaigns targeting larger, more lucrative entities.

Campaigns using one type of ransomware to infect and extort payments from many victims are notoriously “noisy” in that hundreds of thousands of systems will, in time, begin to recognise and block these attacks.

By enablingcyber criminals to launch unique attacks, RaaS affiliate networks are allowing adversaries to lessen the risk of detection by large organisations’ cyber defences and then paralyse and extort them for large ransomware payments.

These were some of the findings of the McAfee Threats Report: June 2021 which looks at cyber criminal activity related to malware and the evolution of cyber threats in the first quarter of the year.

The report is based on in-depth research, investigative analysis, and threat data gathered by the the company’s Global Threat Intelligence cloud from over a billion sensors across multiple threat vectors around the world.

In addition, REvil was the most detected ransomware this quarter, followed by the RansomeXX, Ryuk, NetWalker, Thanos, MountLocker, WastedLocker, Conti, Maze and Babuk strains.

Raj Samani, McAfee fellow and chief scientist, says attackers will continue to change their tactics to combine whatever tools help them to get the most money with the least effort and risk.

At one time they used ransomware to extract small payments from millions of individual victims. Now, RaaS is the order of the day, holding organisations hostage and extorting huge sums for the malefactors.

The security giant also noted a spike in 64-bit CoinMiner applications which drove the growth of crypto-currency-generating coin mining malware by 117%.

“The takeaway from the ransomware and coin miner trends shouldn’t be that we need to restrict or even outlaw the use of cryptocurrencies,” he adds.

“Criminals counter defenders’ efforts by simply improving their tools and techniques, sidestepping government restrictions, and always being steps ahead of defenders in doing so. If there are efforts to restrict crypto-currencies, perpetrators will develop new methods to monetise their crimes, and they only need to be a couple steps ahead of governments to continue to profit.”

Finally, a surge of new Mirai-based malware variants drove increases in malware targeting Internet of things (55%) and Linux (38%) systems.