Numerous cybersecurity attacks are available to cyber-criminals, but some work better than others. Cyber-criminals prefer on specific methods based on their goals. For example, phishing is popular for stealing credentials, but malware works well for stealing data and providing backdoors for full control of an organization server. Here are some malware trends in 2020 that will likely continue to be popular in 2021.
Phishing is Still the Most Common Attack
Every year, phishing attacks increase globally. Phishing gives attackers several options. The first one is that attackers can either cast a wide net and send thousands of phishing emails in the hopes that a few fall victims to the campaign or they can create targeted messages to specific employees with high-level network access.
Malicious attachments in a well-crafted phishing campaign will download and install malware. This malware could be ransomware that encrypts data forcing victims to send a payment to the attacker in exchange for decryption keys. It could also be trojan malware that creates backdoors to the network or installs remote access tools that provide the attacker with full control of the computer.
Malware provides attackers with a wide range of exploit potential. For an attacker to steal data or extort money from a victim, usually it requires the use of malware. The potential with malware gives attackers a wide range of monetary gain. This monetary gain could be in stealing data from organizations and then selling it on darknet markets, or an attacker could silently steal data from an organization’s internal network.
Trojan software that gives attackers remote control of a computer is also a form of malware. This type of malware has been responsible for large-scale compromises such as data theft, affecting social infrastructures such as power utility facilities and water plants, and spying on competitor organizations.
Ransomware is another common malware application that can be devastating if attackers can install it on a local computer or critical infrastructure such as a server. With ransomware, an attacker could potentially earn thousands with one successful attack. What makes ransomware a bigger threat than other malware is that it uses cryptographically secure encryption to lock files and businesses must pay the ransom to get this data back. The only way to recover from ransomware is restoring files from a backup. Paying the ransom does not guarantee that the private key will be delivered, and files will be restored.
Exploiting Software Vulnerabilities
The year 2020 saw an increase in software vulnerabilities as more companies went digital. More software, servers, and at-home workers left the web open for attackers with the skills to find and exploit vulnerabilities in buggy software. Vulnerabilities are published on the Common Vulnerabilities and Exposures (CVE) database, which means attackers can simply look up any type of vulnerability and write an exploit for it.
Scripting bots that scan for vulnerabilities is also big business for attackers. Once a vulnerability is found, a script can scan thousands of sites in only a few minutes to find any servers or host machines with exploit potential. Once a common vulnerability is found, it only takes a few minutes for an exploit to launch and affect the target host.
Unpatched software was common in 2020, and this also leaves hosts vulnerable to exploits. When software developers release security patches, the vulnerabilities patched with the update are listed. Any host that does not have the patch installed is vulnerable until administrators patch the system. This leaves a window of opportunity for an attacker, which could make it a target for bots and scanners that find and exploit the issue.
Encryption in Malware
A big change is that now attackers use encryption to hide malware attacks. Encryption in malware attacks offers the added ability to hide from monitors and protect the attacker’s code. This trend made malware much more effective and harder for cybersecurity researchers to find once it’s deployed to a network device such as a desktop or server.
Best Practices in Your Defense
Scammers might be better at what they do, but you can still take the necessary steps to stop attacks. To stop phishing, always have email security installed. This includes filters to stop malicious messages from reaching a user’s inbox.
To stop malware, email filters are also necessary, but monitoring with catching malware that sends data to an attacker or attempts to access sensitive files. Finally, always patch software especially on public-facing servers. Patching software stops attackers from exploiting the latest vulnerabilities affecting your installed software.
Protect your organization from all malware with SpamTitan Email Protection. View SpamTitan Demo today.
Sign-up for email updates...