2020 Threat Landscape Report reveals new themes and evolving threats

Security firm Bitdefender published its mid-year Threat Landscape Report 2020, which reveals how cybersecurity threats and malware play on the pandemic theme.

Additionally, the report outlines many well-established and new malware threats that have evolved over the first half of 2020: Windows malware, ransomware, Android and IoT threats.

Bitdefender summarized the following key findings in the report:

  • Coronavirus-themed threats (including on Android) becoming the new norm.
  • Huge increase in ransomware attacks (seven-fold over last year).
  • 40% of Covid-themed emails are spam.
  • 46% increase in IoT suspicious incident reports.
  • 56% of IoT network threats involve port-scanning attacks.
  • GoLang becoming a popular programming language for IoT malware.
  • Attackers focus more on social engineering, less on malware sophistication.

Coronavirus-themed threats

Cybercriminals used the Covid-19 pandemic to spread fear and misinformation. As a consequence, there was a huge spike in related scams, phishing campaigns and malware across all technology platforms throughout the first half of the year.

“As the year began and the number of affected countries and people peaked in early March, threat actors seized the opportunity to exploit the topic by focusing less on malware sophistication, and more on carefully planning malware serving campaigns that selectively targeted specific regions and countries,” Bitdefender explained in the report.

Although the number of pandemic-themed reports dipped 10% in May, cybersecurity experts fear that new threats will likely increase if there is a second wave of the pandemic.

Windows malware

Of all the Windows-related malware, global ransomware was one of the most popular threats, increasing by 715 percent year over year.

For example, Maze, Snake and WastedLocker ransomware caused havoc on multiple companies this year.

Ransomware encrypts files, documents and databases to generate profit for threat actors.

In addition, many banking trojans, such as Dridex, Emotet, TrickBot and AgentTesla, were used in cybercriminal activity throughout 2020.

Many of these banking trojans have been used to steal financial data or e-banking credentials. However, some of them have evolved with new features, such as the ability to move laterally and exploit vulnerabilities on other internal systems.

According to Bitdefender, these go-to threats remained popular during the pandemic “because of their long-standing track record for effectiveness, but also because their developers have constantly added new features, making them more resilient against detection from security solution and more feature-packed.”

Dridex malware reports registered a spike in June, when 36 percent of H1 2020 attacks happened in that month alone.

Cryptocurrency coin mining malware reports also increased 20 percent year over year in H1 of 2020.

In a more recent attack, KryptoCibule abused victims’ resources in a “triple threat” to mine coins, hijack cryptocurrency transactions and exfiltrate cryptocurrency-related files.

In addition, fileless malware threats peaked earlier this year in January and March (or 44% of all the H1 fileless malware reports).

As recently as August, a threat dubbed FritzFrog was seen running Golang-based worm malware that was multi-threaded and fileless. In other words, it assembled and executed payloads in memory and left no trace on the infected victim’s system disk.

Global exploits were also highlighted in the report, having increased nearly a whopping 406 percent over the first half of 2019.

Android malware threats

As of 2019, around 2.5 billion Android devices were in active use, making them a prime target for hackers.

According to the Threat Report, one of the main threats stems from the download of malicious apps from third-party stores or from less trustworthy websites that already provided infected files.

The other challenge is that the Google Play Store is not available in some regions. However, bad Android apps can still be downloaded from the Google Play Store.

“Google routinely removes apps from its store after finding they violate disruptive ads policy and disallowed interstitial policy,” the report stated.

Bitdefender spotted a significant increase in the download of medical-related mobile apps. Cybercriminals often like to bundle adware, banking trojans and SMS-sending malware disguised as legitimate-looking apps.

Internet of Things (IoT) Threats

According to the report, Internet of Things (IoT) devices are projected to reach nearly 42 billion devices by 2025.

Attacks on home-based IoT devices have also increased 46 percent from January to June.

Furthermore, nearly 56 percent of all identified network incidents involve port scanning attacks. In these attacks, attackers scan for open ports on internet-facing devices to find vulnerable devices they can exploit.

In addition, nearly 23 percent of household IoT network incidents involved password-stealing attempts via HTTP account.

Popular IoT malware examples involved in attacks include IrcFlu, Dark_Nexus and InterPlanetary Storm.

Just this past June, security researchers also identified a series of 19 zero-day Ripple20 vulnerabilities in a lightweight TCP/IP stack library used in hundreds of millions of IoT devices.

“Hackers are usually after one of two things. They either want to compromise IoT devices and steal personal data, or extend their botnets, allowing them to launch DDoS attacks or rent those services to third parties,” Bitdefender said.

Some of the most common IoT-related threats include:

  • Weak or default passwords not changed
  • Vulnerabilities never fixed by the IoT manufacturers
  • Lack of vendor support soon after launch
  • End of life (EOL) devices.

Other threats

Other threats highlighted in the Bitdefender Threat Landscape report involve extortion and online dating scams, travel-related scams and email spam (looking to take advantage of the pandemic).

Readers can also check out our article on Enterprise VPN-related threats in the wake of the Coronavirus Pandemic.