Criminals leveraging shift to remote work to develop targeted attacks

Malwarebytes announced the findings of its report which explores how the global pandemic forced many employees to quickly become a remote workforce and confined consumers to their homes.

In the wake of this change, cybercriminals ditched many of their old tactics, placing a new emphasis on gathering intelligence, and exploiting and preying upon fears with targeted and sophisticated attacks. As a result, the report found a notable shift in the devices targeted and strategies deployed by cybercriminals.

2020 ushered in several high-profile cybersecurity incidents including: Marriott’s breach with 5.2 million impacted guests; high-profile account hacks on Twitter—which included former President Barack Obama, Jeff Bezos, and Elon Musk: and the far reaching impacts of the nation-state attack on FireEye and SolarWinds executed through the supply chain. These attacks underscore just how vulnerable even the most secure organizations or individuals are when targeted by determined and skilled cybercriminals.

The year also saw concerning trends for consumers including a staggering rise in the use of stalkerware, the invasive mobile monitoring and spyware apps that can rob individuals of their expectation of and right to privacy.

The use of applications that monitor user activity—which include all tracking applications rose from January to December by 565 percent, while spyware app detections rose across the same period by 1,055 percent.

“This past year has taught us that cybercriminals are increasingly formidable, planning long-term, strategic, and focused attacks that are sometimes years in the making. 2020 continued to show us that no company is immune, and there is no such thing as ‘safe enough,'” said Marcin Kleczynski, CEO of Malwarebytes.

“The COVID-19 pandemic compounded this with new challenges in securing remote workforces, making it essential that we quickly become more adaptable and learn how to better protect workers in any environment. While our total detections are down this year, we must remain vigilant. The threats we are seeing are more refined and damaging than ever before.”

Decrease in Mac and Windows detections, but increase in sophistication

Despite an overall drop in detections for Macs and Windows in 2020, it’s clear the COVID-19 pandemic influenced the cybercrime world so much that many anticipated campaigns either never arrived, arrived with less impact, or were replaced entirely with attacks more suited against users during a pandemic.

In 2020, an overall decline of 24 percent of Windows detections across businesses and an 11 percent decline for consumers was observed. Overall, there was a 12 percent decline in Windows detections across the board, regardless of whether they’re business or consumer users.

The dramatic drop in business detections between 2019 and 2020 is most likely due to many employees no longer working in offices in 2020. However, Mac detections for businesses surprisingly jumped 31 percent year-over-year.

Mac detections in 2020 fell from the all-time high we previously reported for 2019, with overall detections decreasing by more than 37 percent. While the number of business detections was up 31 percent, consumer Mac detections were down 40 percent.

PCs weren’t the only devices to experience a shift in malicious activity. Climbing the detection charts in 2020 was an Android malware called FakeAdsBlock, which produces an alarming number of non-stop ads, accounting for 80,654 detections.

HiddenAds was found to be the most prevalent mobile adware application. This Trojan, which aggressively assaults users with ads, racked up 704,418 detections, an increase of nearly 150 percent year-over-year.

Remote work, targeted attacks, other findings

Harrowing hacktools, surging spyware: Although Windows detections for businesses decreased, detections for hacktools and spyware tools meant to compromise security and/or collect information on the victim increased dramatically – by 147 percent and 24 percent, respectively.

Mac PUPs can be real dogs: Overall, Potentially Unwanted Programs (PUPs) represented more than 76 percent of threat detections for Macs, while adware represented about 22 percent. Meanwhile malware only accounted for 1.5 percent.

Size matters for Mac threats: When comparing organizational size and Mac threat detections, medium to large businesses experienced mostly adware, which accounted for almost two-thirds of detections, while small businesses experienced primarily PUPs, clocking in at almost 95 percent of all detections.

Top threats span businesses and consumers: Among the top five threats for both businesses and consumers were the Microsoft Office software cracker KMS, the banking malware Dridex, and the cryptocurrency mining BitCoinMiner.

Emotet and Trickbot, ‘mostly’ dead: Detections for the most notorious business threats Emotet and Trickbot fell by 89 percent and 69 percent, respectively, though the operators behind these threats pulled off several notable attacks in 2020.

Android faces dangerous banking trojan: A perilous banking trojan called Bankbot, which steals payment information using fake login screens, saw a huge spike, amassing a 3,841 percent surge in Android detections.

Ransomware – Pay up… or else!: Ransomware became more targeted in 2020. Despite not hitting the higher detection numbers, attackers made more money demanding payment for not posting stolen data than they did from victims who paid the ransom just to decrypt their files. This was true for the ransomware family REvil, or Sodinokibi, which claimed to net $100 million, much of which came from extortion threats.

Government-funded program pushes pre-installed mobile malware: Malwarebytes twice uncovered pre-installed malware on phones provided by Assurance Wireless through the U.S. government-funded Lifeline Assistance program. Pre-installed malware is one of the thorniest challenges for customer support workers and customers themselves, as this type of malware comes pre-installed on new mobile devices and most remain unremovable.

Taking aim at industry: The agriculture industry suffered through a 607 percent increase in threat detections, while detections for the food and beverage industry increased by 67 percent. More traditional targets all dropped in detections by varying degrees – education fell 17 percent, healthcare dropped 22 percent, and automotive declined by 18 percent.