Cybercriminals customizing malware for attacks on virtual infrastructure

Cyber incidents continue to rise, ransomware accounts for nearly two-thirds of all malware attacks, and more cybercriminals are customizing malware for attacks on virtual infrastructure, Positive Technologies finds.


According to the research, the number of attacks increased by 17% compared to Q1 2020, with 77% being targeted attacks and incidents involving individuals accounting for 12% of the total.

Cybercriminals attacked government institutions, industrial companies, scientific organizations, and educational institutions the most. Their main targets are personal data and credentials, and attacks on organizations are also aimed at stealing commercial secrets.

Ransomware remains the most common malware

The research shows that ransomware remains the most common malware. Its share among malware used in attacks on organizations increased by seven percentage points compared to Q4 2020, now accounting for 63% of all malware. The report also finds that several new pieces of ransomware emerged in Q1, for example Cring, Humble, and Vovalex. WannaCry, which made a name for itself in 2017, is also reported to be running rampant again.

Positive Technologies analyst Yana Yurakova said: “Malware developers keep looking for new ways to bypass security tools. They’re using unpopular programming languages to fly under the radar, as in the case of BazarBackdoor (a remote access tool), which was rewritten in Nim. The operators of Vovalex and RobbinHood (ransomware programs) chose uncommon languages such as D and Golang, respectively, from the get-go. Some attackers upgrade their tools with features that erase traces of malicious activity.”

The report also finds that the ransom amounts demanded by ransomware operators continue to grow. Because some companies refuse to pay, attackers come up with new extortion tactics: for example, they threaten to report the attack and data theft to a victim’s customers, expecting that the customers will persuade the company to pay a ransom to prevent the disclosure of their personal data.

Cybercriminals increasingly developing malware to attack virtual infrastructure

More and more cybercriminals are developing malware to conduct attacks on virtualization environments, and some are aggressively trying to exploit vulnerabilities already found in software for deploying virtual infrastructure. The experts link this primarily to the global process of moving corporate IT infrastructure into a virtual environment.

Dmitry Serebryannikov, Director of Security Analysis, Positive Technologies, said: “Attackers carefully monitor information about new vulnerabilities and try to find a use for these in their attacks as soon as possible.”

The research also finds the number of attacks targeting IT companies remains consistently high for the second quarter in a row. In 15% of cases during Q1 2021, hackers targeted IT companies to conduct an attack on their customers or to steal customer data. At the beginning of 2021, there were still reports in the media about new victims of the attack on SolarWinds.
