G DATA threat report: Attackers rely on phishing and malvertising
Security experts at G DATA CyberDefense identified around 50 million different malware programs in 2022. This is twice the number for 2021, according to the new threat report from G DATA CyberDefense. In addition to phishing, attackers are increasingly using malvertising, i.e. malicious advertising, and search engine poisoning to spread malicious code. In addition, the number of averted cyber attacks rose sharply again in the fourth quarter of 2022.
In 2022, cyber criminals released almost 135,000 new variants of their malicious software within one day - more than 93 attack attempts per minute. The criminals are banking on the inability of antivirus solutions to keep up with the fast pace and their failure to detect the new malware variants, allowing them to penetrate the network unhindered. Security analysts identified more than 49 million different malware programs in 2022 - an increase of 107 percent. The number has more than doubled compared to 2021.
A focus on consumers
Current research by G DATA CyberDefense shows that the number of averted cyber attacks increased by more than 15 percent from the third to the fourth quarter. Cyber criminals have increasingly been targeting private users. While the number of averted attacks on companies fell by more than 11 percent within three months, the number of unsuccessful attacks on private individuals increased by a fifth. A major reason for this is that cyber criminals are taking advantage of seasonal events and holidays such as Black Friday or Christmas and luring consumers into traps with fake websites or phishing emails. The aim of this is to copy login data for online banking or to install malware on home computers.
“Cyber criminals work on a seasonal basis and especially focus on consumers at the end of the year,” explains Tim Berghoff, Security Evangelist at G DATA CyberDefense.
“Most attacks happen either on the weekend or just before holidays. Companies should not lull themselves into a sense of security - they should continue to work on their IT security strategy. Once again, this includes real-time protection to keep up with the fast pace of the attacks.”
Malware Top 10 - return of the Trojans
Four malware families from last year's ranking are in the Top 10 for 2022. Another change is that, while remote access Trojans especially have been dominating the list in recent years, the picture is now much more diverse. Berbew, Urelas and Vilsel are three Trojans now in the ranking. This continues the trend of combining different malware strains into attack chains in order to maximise profit.
The Malware Top 10 at a glance:
| Position | Name | Proportion in percent | Type |
|---|---|---|---|
| 1 (7) | Shade | 15,9 | Ransomware |
| 1 (8) | BlackShades | 15,9 | Remote Access Trojan |
| 3 (-) | Urelas | 11,4 | Trojan |
| 3 (-) | Berbew | 11,4 | Trojan |
| 5 (2) | Emotet | 9,1 | Malware Distributor |
| 6 (-) | Vilsel | 7,1 | Trojan |
| 7 (-) | DC-RAT | 6,9 | Remote Access Trojan |
| 8 (-) | Buterat | 3,6 | Remote Access Trojan |
| 9 (-) | Prepscram | 3,0 | Software Bundler |
| 10 (1) | Dridex | 2,3 | Information Stealer |
Previous year’s position in brackets
Multiple attack paths lead to the target
Cyber criminals use various methods to infiltrate networks and computers. In addition to classic phishing emails, search engine poisoning and malvertising are currently among the most frequently used attack vectors. Phishing emails have worked this way for more than 30 years - even though private individuals and companies have been using email security and spam filters for just as long. One reason for this is that phishing emails have improved in quality. In addition, the danger from targeted attacks has become greater.
Search engine poisoning is currently a widespread attack method. Cyber criminals use search engine optimisation tactics to ensure that a malicious website ranks high in search engine results. Criminals use trending topics such as upcoming political elections, major sporting events or seasonally recurring events - for example holidays, Black Friday or Valentine's Day. Anyone who clicks on the link in the results lands on a website with malicious code. Alternatively, the cyber criminals try to trick their victims into entering confidential information to use it for identity theft.
There was also a significant increase in infections via malvertising, i.e. malicious advertising. In this method of attack, cyber criminals use a special form of malware that hides behind manipulated advertising banners. Anyone who clicks on an infected banner downloads the malware onto their computer. In addition, attackers often exploit security gaps in the browser and/or the operating system to get malware onto the system.
“Users should have an effective security solution installed on their computer to protect themselves from the effects of malvertising or search engine poisoning,” says Tim Berghoff.
“Software with real-time protection prevents execution of the malware. It is also important that the antivirus software is always up to date and that updates are installed. The same applies to the firewall, the operating system and the browser being used.”
Even though attacks on companies have recently declined, cyber criminals will continue to attack companies. In doing so, they think in economic terms and try to achieve maximum profit with minimum effort. So if companies keep their IT security up to date, patch their systems and increase the security awareness of their employees, attackers will also have to invest more effort into reaching their target. And if this effort exceeds the return, cyber criminals will look for new victims whose systems are easier to beat.