- Ransomware, banking malware, unwanted applications, and Android attacks all rose significantly
- Pandemic-related incidents had a big impact
- Similar threats expected for this year, and cyber security teams need to have the right security tools in place
It’s clear that 2020 was likely one of the most unique and challenging years cyber security executives will ever face. Just how difficult was it? Consider some of these key findings from Bitdefender’s newly released 2020 Consumer Threat Landscape Report:
- 485% year-over-year increase in global ransomware reports
- 449% jump in banking malware Emotet reports during the second half of 2020
- 320% rise in year-over-year global reports of potentially unwanted applications (PUAs)
- 32% increase in reported Android threats during the second half of 2020 compared with the second half of 2019
Those are alarming numbers, and they reflect a threat landscape that has become even more complex and dangerous because of the Covid-19 pandemic and the resulting massive shift to remote work environments.
Unfortunately, the global health crisis did not stop bad actors from launching all manner of malware attacks throughout the year. In fact, threat actors and threats themselves thrived and even evolved, according to the study.
Although the report focuses on the consumer market, many of the findings are relevant to enterprises and businesses alike. Given that so many employees continue to work from home and oftentimes use their personal devices to do their jobs, there’s a greater blurring than ever between business and consumer technologies and security threats.
And even though the research is focused on what happened in 2020—Bitdefender’s consumer telemetry is designed to capture a snapshot of what threats were aimed at the average user—these cyber security trends are likely to continue this year as organizations grapple with an evolving hybrid work environment.
The large increase in global ransomware from 2019 to 2020 shows that threat actors have doubled down on what was already quite a lucrative business.
“Throughout 2020 there were numerous incidents involving massive botnets distributing ransomware infections or spam and spearphishing campaigns,” the report said. These were executed with great attention to detail, it said, in an attempt to net as many victims as possible without arousing suspicion.
Bad actors updated their spam-sending tactics by focusing more on delivering seemingly legitimate emails, the study said, in an attempt at maximizing their chances of infecting users. Messages had fewer typos, more jargon, and used legitimate logos when impersonating companies and organizations, and cyber criminals exploited their social engineering skills to create believable emails.
For spam and phishing, attackers focused on creating simple and generic messages designed to be vague, in an attempt to trick victims into clicking on links or opening embedded attachments. But the pandemic gave them a new opportunity to exploit a highly popular topic and increase the success rates of spam and phishing by focusing more on the content and social engineering aspect of the message.
While Coronavirus-themed messages were a key theme for the first half of 2020, banking services were among the most popular themes during the second half. Popular banking Trojans such as Dridex, Emotet, Trickbot, and AgentTesla were popular among cyber criminals in 2020.
“While some of these Trojans focused on individually collecting personal or financial data from victims, others were used as a means to deliver ransomware or even additional Trojans,” the study noted. Emotet and Trickbot have frequently been spotted together, usually one delivering the other, the Bitdefender report said. But their massive botnet infrastructures were also used to deliver various strains of ransomware.
Based on how global Emotet reports evolved throughout the year, the second half seems to have been extremely busy for Emotet operators. That period accounted for 84% of all Emotet reports throughout the year, and the final quarter accounted for 51% of the total for the year.
The research also examined PUAs, and while they might not be malicious per se they can be disruptive to users by behaving in ways that can cause system slowdowns, display unexpected ads, or even install additional software. With the substantial rise global PUA reports, it’s likely that more users encountered these types of applications in 2020 than they did the year before, the report said.
As for Android threats, they evolved in an interesting pattern in 2020, the report noted. Bitdefender’s telemetry detected an unusual trend in which a relatively large number of users installed Zoom videoconferencing apps from sources other than the official ones. This opened up their devices to potential infections with malware posing as Zoom installers.
In addition, researchers detected Android apps that promised valuable information about the pandemic at a time when such data was scarce. By using these malicious apps, most of which were available through third-party marketplaces, attackers could potentially steal personal data and other information.
In general, the report noted that any tactics or malware that were successful for cyber criminals last year are likely to spill over into 2021.
“Cyber criminals will likely reuse everything they learned and that proved successful during 2020, and users will also have to adapt to better identifying and mitigating potential threats,” the report said. Whether its ransomware, spam, phishing, or Android threats, “the 2020 threat landscape proved that cyber criminals are fast to adapt and highly opportunistic, and that panic, fear, and misinformation can become powerful tools in the hands of threat actors.”
In light of this, the researchers strongly encourage organizations and individuals to always use security tools regardless of the device in use; constantly use strong and unique passwords for accounts and devices; update applications and operating systems with the latest patches; and always be vigilant when reading any information online.