17.11.2022 | 1 Image

G DATA threat report: Targeted cyber attacks instead of mass attacks

Attackers still exploiting Log4J vulnerability.
G_DATA_KeyVisual_ThreatReport © G DATA CyberDefense

This press release has:

Appearances are deceptive. Although the number of cyber attacks is declining, cyber criminals are very active right now. This is reflected in the current threat report from G DATA CyberDefense. Criminals are currently making great use of Berbew, Neojitt and FormBook to infiltrate private users and companies.

Press release Plain text

In mid-December 2021, the German Federal Office for Information Security (BSI) issued a red alert for the Log4J (also known as Log4Shell) vulnerability. Even back then, the authority was warning that cyber criminals were actively exploiting the vulnerability. These fears are currently proving true, as the current threat report from G DATA CyberDefense shows. Instead of new waves of attacks, cyber criminals are currently launching targeted attacks on companies that they had already infiltrated using the vulnerability at the end of last year. Back then, the attackers installed backdoors which went unnoticed. They are now exploiting these and smuggling additional malicious code into the network - up to and including the encryption of data. Particularly alarming is the fact that not all companies have closed this vulnerability yet. This means that they are still a potential target for cyber criminals, who have the appropriate tools for finding and infiltrating these exposed systems.

“Unfortunately, what we had predicted at the beginning of the year about the exploitation of the Log4J vulnerability is currently materializing”,
says Tim Berghoff, Security Evangelist at G DATA CyberDefense. “Because of the ease of exploitation, criminals started by stockpiling hundreds of thousands of systems and have only recently begun to monetise these infections, for example by uploading ransomware. Those who installed the available security update early should be on the safe side.”

The number of new cyber attacks is declining, as it did in the second quarter. Comparing the third quarter of 2022 to the second, the number of averted attacks fell by 13.7 percent. The decline is greater for consumers than for businesses. The number of averted attacks on business customers fell by 7.5 per cent from the second quarter to the third, and by almost 15 per cent for private customers.

New attack routes into networks
Cyber criminals are currently using the malware Berbew, Neojitt and Formbook to attack systems. Berbew is a Trojan that reads passwords and sends them to a remote web server. Berbew also acts as a web proxy, allowing attackers to use the infected system as a relay for remote access to other systems. Cyber criminals distribute the Trojan via email as an attachment containing malware or via data sharing programs.

FormBook is an infostealer that exfiltrates data from infected systems, such as credentials cached in web browsers or screenshots. In addition, it also functions as a downloader, allowing attackers to execute malicious files on an infected system. Formbook is so widespread because it is marketed on underground forums at a low price under a malware-as-a-service (MaaS) model.

No reason to sound the all-clear
Despite the declining numbers, overall IT security in Germany is less than ideal. Attackers are consistently exploiting security gaps to compromise companies. Inattentive employees are also repeatedly opening the door to the network for cyber criminals when they fall for phishing emails and open attachments with malicious code or disclose access data on fake websites. Many companies still have some catching up to do in this area - both in terms of technological protection measures and security awareness.


G DATA CyberDefense AG is a leading German company in the field of IT security. Since 1985, the company based in Bochum has stood for digital security “Made in Germany”.

More than 500 experts protect businesses, public authorities, and private users every day with modular solutions that seamlessly combine software and services:

  • Managed Extended Detection and Response (MXDR)
  • Endpoint Security for Businesses
  • Security Awareness Training
  • IT security services such as penetration testing, incident response, and forensic analysis

Transparency, data protection, and digital sovereignty are the cornerstones of the company’s security strategy. For this reason, G DATA develops and operates its solutions in Germany. With its no-backdoor guarantee and ISO 27001 certification, the company helps businesses and organizations meet regulatory requirements. In doing so, G DATA lays the foundation for CyberVertrauen and a secure, resilient future.

G DATA. Trust in German Sicherheit.

All contents of this press release as .zip:

Direct download

Release text 3400 Characters

Plain text Copy release text

Images (1)

G_DATA_KeyVisual_ThreatReport
1 200 x 630 © G DATA CyberDefense

Contact

(2) Kathrin Beckert-Plewka
Kathrin Beckert-Plewka
Public Relations Managerin

+49 234 9762 - 507
kathrin.beckert@gdata.de