Positive Technologies: 51% of successful malware attacks start with phishing

Positive Technologies, a leader in result-driven cybersecurity, has unveiled a study of the current cyberthreats for Q1 2024. Malware remained the main weapon that cybercriminals use, while analysts recorded an increase in the use of remote control software. Attackers usually spread malware by email: 51% of successful cyberattacks on organizations started with phishing emails.

In Q1, the number of incidents increased by 19% year-on-year. Meanwhile, 78% of the attacks targeted organizations. The top targets of successful cyberattacks were government agencies (15%), IT companies (9%), and industry (8%).

The most common method of attacking companies was malware, which accounted for 68% of successful cyberattacks. The most common types of malware were ransomware (43%), remote access trojans (RATs, 32%), and spyware (21%). The number of cyberattacks using spyware and encryption malware decreased by 4% and 11%, respectively. Meanwhile, analysts note that in the first three months of 2024, the number of attacks using RATs increased by 10% compared to Q4 2023.

"The increased attacker interest in RATs can be explained by the fact that much of today's malware is modular. As such, attackers can combine spyware, bootloaders, banking trojans, and even encryption malware, allowing them to cause greater damage to their victims," notes Dmitry Streltsov, an analyst from the Positive Technologies research group. "We predict that cybercriminals will continue increasing their use of modular programs by adding new features to them. However, it's too early to discount spyware and encryption malware, despite the decline in their use."

In over half of the attacks, the attackers spread malware via email. For example, Positive Technologies (the PT Expert Security Center) detected a series of attacks by the cybergroup Lazy Koala, whose victims include organizations from Russia and the CIS. The attackers used phishing emails to convince recipients to open attachments and run the files in their browser. As a result, the recipients' devices were infected with malware that the cybercriminals used to steal employee accounts.

Cyberattacks usually resulted in the leakage of confidential information (54%) and the disruption of core activity (33%). In data-centric attacks, attackers usually intended to seize personal information (37%), trade secrets (22%), and log-in details (17%). For example, in January, researchers discovered the largest database ever, with 26 billion entries of data on users of popular Russian and foreign social networks, as well as services such as Adobe, Dropbox, and Canva.

The experts note that, with the growing number of information leaks and the inability of the protection tools already on the market to provide results-driven cybersecurity, there is a need for data security platform (DSP) solutions. Such systems can manage various types of data regardless of their structure or location. Experts also recommend using web application firewalls (PT Application Firewall or its cloud version, PT Cloud Application Firewall) and sandboxes such as PT Sandbox to protect the infrastructure. The former reduces the risk of intrusion into the company's internal perimeter, while the latter offers timely detection of malware. To improve infrastructure security, experts recommend using vulnerability management systems, such as MaxPatrol VM, as well as running bug bounty programs, possibly on the Standoff Bug Bounty platform. In addition, even if a company's mail servers are protected, it is recommended to use a service such as PT Knockin to test how well the configured defenses actually perform.

The full version of this study is available on the Positive Technologies website.