Attack campaigns see global surge in Q4 2019
A 145% increase in attack campaigns across the globe has been noted from October to December 2019.
This was one of the findings of Mimecast Threat Center’s Threat Intelligence Report: RSA Conference Edition. From October to December 2019, the centre analysed more than 202 billion e-mails and rejected 92 billion.
“The most striking observation of the quarter’s research has been the widespread deployment of the Emotet 'dropper' malware on a scale not seen before, across all regions,” the researchers said.
This subscription-based Malware-as-a-Service (MaaS) model equips a wider audience with simple attack methods, and at the same time, keeps older, well-known malware in circulation.
Another finding was that file compression remains an attack format of choice, but Emotet activity via DOC and DOCX formats has increased significantly. Compressed files allow for a more complex, potentially multi-malware payload, but also serve as a very basic means to hide the true file name of any items held within the container.
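The point about containers hiding the true file name can be checked on the defensive side by listing what a ZIP attachment actually holds before anyone opens it. The following is an added example, not code from the Mimecast report; the extension lists, reason labels, function names and sample file names are assumptions chosen for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed policy lists for this example; they are not taken from the report.
SCRIPT_EXT = {".exe", ".scr", ".js", ".vbs", ".lnk", ".hta"}
OFFICE_EXT = {".doc", ".docx", ".docm", ".xlsm"}
DECOY_EXT = {".pdf", ".txt", ".jpg", ".doc", ".docx"}
ARCHIVE_EXT = {".zip", ".rar", ".7z", ".iso", ".gz"}


def inspect_zip_attachment(display_name, data):
    """Return one finding per file inside a ZIP attachment held in memory."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            last = suffixes[-1] if suffixes else ""
            reasons = []
            if last in SCRIPT_EXT:
                reasons.append("executable-or-script")
                if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXT:
                    reasons.append("double-extension")  # e.g. name.pdf.exe
            if last in OFFICE_EXT:
                reasons.append("office-document")  # route to document scanning
            if last in ARCHIVE_EXT:
                reasons.append("nested-archive")
            if info.flag_bits & 0x1:  # ZIP general-purpose bit 0: encrypted
                reasons.append("encrypted")
            findings.append({"attachment": display_name, "member": info.filename, "reasons": reasons})
    return findings


def build_sample():
    """Constructed sample: harmless text bytes stored under misleading names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice_2019.pdf.exe", b"placeholder, not a program")
        zf.writestr("notes/readme.txt", b"hello")
        zf.writestr("statement.doc", b"placeholder, not a document")
    return buf.getvalue()


if __name__ == "__main__":
    for f in inspect_zip_attachment("scan_0412.zip", build_sample()):
        print(f["member"], f["reasons"] or "ok")
```

The attachment name seen in the mail client (`scan_0412.zip` here) says nothing about the members, which is why the check reports each inner name alongside it.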
Moreover, researchers said it is highly likely that bad actors' focus on Emotet indicates a significant redoubling of their efforts onto the attempted delivery of ransomware.
“Emotet is an effective dropper of other malware as it is modular in nature and can deliver a variety of payloads. A number of significant campaigns utilising Emotet have included ransomware detections, and it is highly likely that threat actors are focusing on the delivery of ransomware. Official advisories from the US, UK, and Canadian cyber centers since June 2019 have also stressed the particular threat Emotet poses in the targeted delivery of ransomware,” they said.
Email compromise, impersonation
The report also revealed that social engineering, most commonly conducted through impersonation tactics, continues to be a popular and effective tactic for malefactors. It showed a sustained increase throughout last year, with data impersonation attacks making up 26% of total detections from July to September, and the volume of these attacks grew by 18% in that time period.
Although the number of impersonation attacks is slightly lower, they remain a key attack vector, says Mimecast. “Impersonation attacks now include a range of voice messaging and a generally less coercive form of communication, which presents as a more nuanced and persuasive threat. It is highly likely impersonation reduced as a result of threat actors’ focus towards the delivery of malware to exploit the monetary successes of ransomware attacks in 2019.”
Top three targeted sectors
According to Mimecast, specific sectors are repeatedly targeted, and the top sectors for attack globally were revealed to be transportation, financial and professional services. These three sectors were subjected to high levels of attack throughout last year, although transportation as well as retail and wholesale were disproportionately attacked this quarter, accounting for almost a third of the most significant global campaign activity.
The vast majority of attacks are again less sophisticated, high-volume forms of attack, although more complex attacks are present and can take place over a period of several days, the researchers said, adding that this is almost certainly a reflection of the increasing ease of access to online tools and kits for any individual to commit a cyber attack.
The trend also reflects the challenges of human error as even the simplest attacks can be successful.
“As attacks progress, they alter exploits and include more potent forms of malware and ransomware,” the researchers concluded.