Microsoft has presented its 24th Security Intelligence Report (SIR) on information security threats. To prepare the report, experts analyzed the 6.5 trillion signals that pass through Microsoft's cloud resources every day. The data were provided by corporate and private users who agreed to share them with reference to geolocation.
There are four main types of attacks: phishing, ransomware, software for hidden mining, and supply chain attacks. According to the document, phishing remains the fastest-growing type of attack; the number of ransomware attacks is falling, but attackers have instead started to use stealthier methods, for example cryptocurrency mining. The experts also noted a decrease in the amount of ransomware in Russia.
The popularity of phishing is rising quickly: the monthly average indicator grew by more than 350% in 2018. Each month Microsoft analyzes and scans more than 470 billion emails to prevent phishing and malware attacks. In 2018 the monthly average indicator rose from 0.14% (644 million letters a year) to 0.49% (2 254 billion) a month. Microsoft forecasts that this trend will continue in the near future, because attackers' actions are aimed not at finding technical vulnerabilities but at exploiting human weaknesses.
Malicious users changed their tactics in response to the more sophisticated tools and methods deployed to protect users. Attackers switched from quick attacks that are active for only a few minutes to long-term campaigns. Phishing attacks became more complicated: attackers use several attack vectors at the same time, send letters from different IP addresses, use fake domain names to make emails look as if they were sent on behalf of well-known companies or colleagues, and carefully choose the subject of the letter to get the user to open it.
An example is a two-step phishing attack that occurred in one organization. In the first step, hackers sent company employees emails with a link to a fake landing page, where they were required to enter account data to get access to an "important document".
With that information the hackers gained access to Office 365 accounts. In the second step, the cyber criminals tried to get access to the company's assets via phishing letters. At that stage Microsoft contacted the client and cut off the attackers' access to the hacked Office 365 accounts.
The decrease in the number of ransomware attacks in 2018 demonstrates how computer security measures make hackers change their approach. In 2017 ransomware was a serious threat, but the average indicator has now fallen by 73%. Microsoft thinks that hackers switched to stealthier attacks because users have become more skilled in their response: they refuse to pay hackers and make backup copies of their data.
In some countries, such as Ethiopia (0.77%), Mongolia (0.46%) and Cameroon (0.41%), this threat remains relevant because of a low culture of cyber security. The safest countries are Ireland (0.01%), Japan (0.01%), the USA (0.02%), Great Britain (0.02%) and Sweden (0.02%).
The situation in Russia follows global trends: the average monthly rate of attacks fell by a third, from 0.12% in 2017 to 0.08% in 2018.
By monthly average number of attacks in 2018, ransomware gave way to cryptocurrency mining (0.05% vs 0.12%). Hackers began to deploy hidden mining, using the processing power of their victims' computers to generate cryptocurrencies. The attack not only reduces system performance but can cause more significant harm.
The number of mining viruses has grown almost 2.5 times. For example, explosive growth of such attacks around the world was recorded in March. In Russia the figure was 1.9% vs 0.28% (the global indicator) in March. As a result, the average monthly rate of cryptocurrency mining in Russia in 2018 also exceeds the global indicator: 0.43% vs 0.12%.
The most dangerous viruses operate via browsers, so hackers don't need to get their victims to download any additional software. Some services advertise browser-based mining applications as a way to monetize website traffic. In this case, resource owners no longer need to rely on ad revenue. When a user opens a page with an embedded virus, the computer's performance drops and its electricity consumption increases. Thus, hackers get access to the processing power of thousands of computers.
The countries where specialists encounter mining viruses most often are Ethiopia (5.58%), Tanzania (1.83%) and Pakistan (1.47%). This type of malware appears least often in Ireland (0.02%), Japan (0.02%) and the USA (0.02%).
Supply chain attacks are one more trend Microsoft has been watching over the last few years. Hackers embed a virus in a legitimate application or a service pack. Users trust vendors and install the malicious program, accepting it as a product of a well-known supplier.
In 2018 the first (and biggest) attack of this kind was the Dofoil trojan. During the first 12 hours Windows Defender Antivirus blocked more than 400 thousand attacks, aimed at users in Russia (73%), Turkey (18%), Ukraine (4%) and other countries.
The average monthly growth rate of malware worldwide fell from 6.29% to 5.07% in 2018. However, in some countries, for example Ethiopia (26.3%) and Pakistan (18.94%), the malware attack indicator is still high. This is the result of a low level of digital culture.
In Russia the average monthly malware indicator increased from 8.83% to 9.23% in 2018.
The countries where specialists encounter malware most often are Pakistan (18.94%), Palestine (17.5%), Bangladesh (16.95%) and Indonesia (16.59%). Malware appears least often in Ireland (1.26%), Japan (1.51%), Finland (1.74%) and the Netherlands (1.82%).