Cyber crime - a seasonal business
Cyber criminals were particularly active in July 2020. The number of attempted attacks increased by 176.1 percent compared to June - the highest increase within a four-week timeframe during the current year. After the sharp increase in July, the situation calmed down somewhat in August and September. Security analysts in Bochum have recently recorded a decline in cyber attacks. From August to September, the number dropped by 27.5 percent.
Looking at the big picture, however, there is no question of a let-up - the figures remain at a high level and are very high, especially compared to the beginning of the year. The decrease in attacks demonstrates that cyber crime is subject to seasonal fluctuation. The number of attempted attacks traditionally increases at the beginning of the summer holiday season. For example, criminals send out mass emails containing supposedly cheap or fake holiday offers. This year, sending false warnings regarding travel and coronavirus was another scam used by the perpetrators. Another reason for the decline is that attackers repeatedly make adjustments to their malware or IT infrastructure before launching the next wave of attacks. The aim of this is to improve efficiency in order to increase profits.
In total, analysts at G DATA identified 200 active malware families in the third quarter. Gozi, Agent Tesla, Emotet and RanumBot/Glupteba were particularly active. These are malware strains that have been causing trouble and a great deal of damage for some time.
Gozi, for example, has been around since 2006. This malware usually penetrates victims' systems via phishing emails and has screen capture and keylogging functions. Gozi uses its functionality to glean login data stored in browsers and email software.
After a break this spring, Emotet, the all-purpose weapon of cyber criminals, has picked up speed again. The malware is now very complex. Its original function - the manipulation of online banking transactions - is now a thing of the past. Emotet has since moved on to other areas, from tapping into email contacts and creating detailed communication profiles of attack victims to acting as a door opener for other malware.
Agent Tesla has been active for more than six years. This is a sophisticated keylogger and information stealer that records keystrokes, reads data, generates screenshots and intercepts access data. Attackers are now combining these attacks with current social engineering methods and including references to COVID-19 in phishing emails, so they are still causing a great deal of damage.
RanumBot deactivates all security services and the Windows firewall on an infected system, thus opening the door for further malware such as the Trojan Glupteba. In addition, the malware changes the default settings in the Windows registry so it is activated automatically each time Windows is restarted.