Thursday, 11 August 2022 15:33

Ransomware attacks on the rise: report

By Staff Writer

There was a significant increase in global ransomware attacks in the second quarter of 2022, with attacks up 24% from the first quarter of this year.

The rise is reported by security company Avast in its Q2/2022 Threat Report, released today, which also reveals that the company’s researchers uncovered a new zero-day exploit in Chrome, as well as signals of how cybercriminals are preparing to move away from macros as an infection vector.

According to the Avast report, the highest quarter-on-quarter increases in ransomware risk ratio occurred in Argentina (+56%), UK (+55%), Brazil (+50%), France (+42%), and India (+37%).

“Consumers, but especially businesses should be on guard and prepared for encounters with ransomware, as the threat is not going anywhere anytime soon,” explains Jakub Kroustek, Avast Malware Research Director.

“The decline in ransomware attacks we observed in Q4/2021 and Q1/2022 was thanks to law enforcement agencies busting ransomware group members, and caused by the war in Ukraine, which also led to disagreements within the Conti ransomware group, halting their operations.

“Things dramatically changed in Q2/2022. Conti members have now branched off to create new ransomware groups, like Black Basta and Karakurt, or may join other existing groups, like Hive, BlackCat, or Quantum, causing an uptick in activity.”

Avast also reports that its researchers discovered two new zero-day exploits used by Israeli spyware vendor Candiru to target journalists in Lebanon, among others.

The first was a bug in WebRTC, which was exploited to attack Google Chrome users in highly targeted watering hole attacks, but also affected many other browsers. Another exploit allowed the attackers to escape a sandbox they landed in after exploiting the first zero-day. The second zero-day Avast discovered was exploited to get into the Windows kernel.

Another zero-day described in the report is Follina, a remote code execution bug in Microsoft Office, which Avast notes was widely exploited by attackers ranging from cybercriminals to Russia-linked APT groups operating in Ukraine - and the zero-day was also abused by Gadolinium/APT40, a known Chinese APT group, in an attack against targets in Palau.

Avast reports that Microsoft is now blocking VBA macros by default in Office applications.

Noting that macros have been a popular infection vector for decades, Avast reports that they were used by threats described in the Q2/2022 Threat Report, including remote access trojans like Nerbian RAT, a new RAT written in Go that emerged in Q2/2022, and by the Confucius APT group to drop further malware onto victims’ computers.

“We have already noticed threat actors beginning to prepare alternative infection vectors, now that macros are being blocked by default. For example, IcedID and Emotet have already started using LNK files, ISO or IMG images, and other tricks supported on the Windows platform as an alternative to maldocs to spread their campaigns,” says Kroustek.

“While cybercriminals will surely continue to find other ways of getting their malware onto people’s computers, we are hopeful that Microsoft’s decision will help make the internet a safer place.”

The full Avast Q2/2022 Threat Report can be found here
