G DATA threat report: Attackers exploit vulnerabilities in publicly available services

The number of averted cyber attacks in the third quarter of 2021 is back where it was before the start of the coronavirus pandemic. The number fell by 28.7 percent compared to the second quarter. The reasons for the decline are that, traditionally, the number of attack attempts is seasonally lower in the summer months than at other times. In addition, employees returning to the office after working from home are also contributing to normality and leading to falling numbers. At the beginning of the pandemic especially, the numerous poorly secured computers in the private environment were easy prey for cyber criminals. Overall, numbers in the private environment have declined more than in companies. Within three months, the number of averted attack attempts on consumers fell by more than 30 percent. In the business environment, the number fell by 22 percent.

The latest analyses show high coinminer activity for the third quarter of 2021. In this case, cyber criminals use the computing power of other people's computers to generate Monero or other cryptocurrencies. While criminal intruders make money from this, users must pay for increased electricity costs and use a computer with limited performance. When criminals exploit the computing capacities of companies by compromising server farmers or cloud instances, the financial damage is great.

The current threat report shows that attackers are continuing to rely on established malware. Between June and August 2021, they were particularly active with malware - Glupteba, Agent Tesla and STOPRansomware - that has already been active for several years. Cyber criminals are developing these further and are also working on hiding the malicious code from security solutions. To do this, they usually use so-called packers, which make the malicious core unrecognisable. Using automated tools, they can send new waves of attacks through the network almost every second.

During the year, cyber criminals have again been making increasing use of rootkits. These are experiencing a renaissance after several years. Rootkits are used alongside malware such as ransomware or droppers and ensure that malware or spyware remains undetected on the system for as long as possible, or that criminal groups can manipulate the computer remotely. In doing so, they have far-reaching rights at the administrator level, so that they can access every function of the operating system. On top of that, rootkits can hide most traces of their existence very well.