2020 will always be remembered as a year of disruptions in the wake of COVID-19. The same year also recorded a drop in the number of malware attacks by 35 million compared to 2019. But evidently, this drop is mainly associated with threats such as adware and PUA, which are the least detrimental in nature. Meanwhile, dangerous threats like Trojans, ransomware and infectors have only escalated further, primarily because of the widely adopted work from home (WFH) culture. This transition has emerged as a fresh opportunity for threat actors to bank on, making businesses more vulnerable than ever before.
Since the lockdown was announced, cyber-attacks have emerged with new techniques targeting a completely new setup of the global enterprise. The pandemic will carry over into 2021 and, with attackers ready, it is predicted that the number of infiltration attempts will increase. Let’s look at the key trends across 2020 that are expected to increase in 2021, through the lens of Seqrite, the enterprise security solutions brand of Quick Heal Technologies.
Malware detections in 2020
Seqrite detected 13,733 malware threats every hour in 2020, with Trojan leading the YoY and QoQ charts followed by other malware such as Infector, Worm, and PUA, disrupting enterprise operations the world over. Out of the total 113 million malware detections in 2020, quarter 1 clocked the highest at 36 million detections, with January witnessing maximum malware attacks.
In the following months, when COVID-19 hit the world, the researchers observed new versions of conventional ransomware attacks. One example is double extortion, in which threat actors not only encrypted enterprise data but also stole it in the process. If the victim refused to pay a ransom, attackers had the power to disclose all the sensitive data to the public. Either way, the target was forced to pay money to the attackers, hence the name double extortion.
Apart from these, the researchers at Seqrite spotted advanced persistent threat (APT) campaigns in 2020: Operation SideCopy, Gorgon APT, and multiple attack campaigns by groups such as Transparent Tribe/APT 36 and APT 10 against government and private sector companies. Researchers attributed the rise of state-sponsored activity to the cross-border tensions with neighbouring countries like China and India.
Operation SideCopy proved to be the breakthrough discovery by Seqrite researchers in 2020. Threat actors behind this campaign were found misleading the security community by copying Tactics, Techniques, and Procedures (TTPs) that pointed at the Sidewinder APT group. However, researchers at Seqrite discovered strong evidence of Operation SideCopy having potential links with the Pakistan-backed Transparent Tribe group. This made Seqrite the first cybersecurity brand to expose the real identity of these threat actors.
2020 also saw many crypto-mining attacks, led by names like Kings Miner (attacks under-patched servers on the internet), Blue Mockingbird (targets public-facing servers with high configurations), and Lemon Duck Miner (a Monero crypto-mining malware that converts the network resources of an organization into cryptocurrency mining slaves).
Himanshu Dubey, Director, Quick Heal Security Labs, said, “Although 2020 has passed, the impact it has caused on enterprises and businesses seems to stay longer than expected. With the advent of COVID-19, threat actors have realized how they can capitalize on this new opportunity by banking on the new vulnerabilities that have popped up due to remote working or work from home (WFH). Attackers are going to innovate and roll out new ways to target businesses in 2021. It is, therefore, essential for them to invest in robust cybersecurity solutions that can prevent them from being prey to the evolving threat landscape.”
Things to look forward to
While 2020 has been a year of new threat revelations, it has been observed that threat actors were highly active in infecting systems using COVID-19 as their bait. Both businesses and individuals fell victim to coronavirus-themed threats in the form of fake mobile apps, phishing attempts and fake domains.
However, now that we have already entered 2021, with vaccines soon to be out, threat actors are expected to shift their focus from precaution-based themes to prevention-driven ones. That is, as governments gear up to make vaccination available to the masses, attackers are highly likely to leverage this new opportunity by reshaping their attack strategies. Against this backdrop, researchers at Seqrite advise firms to equip themselves with the right and robust security solutions to tackle emerging and upcoming security challenges.