Ransomware accounts for nearly two-thirds of all malware attacks, and more cybercriminals are customizing malware for attacks on virtual infrastructure, according to a report released by Positive Technologies.
“Attackers carefully monitor information about new vulnerabilities and try to find a use for these in their attacks as soon as possible. In early 2021, Positive Technologies researchers helped eliminate several critical vulnerabilities in VMware products, including CVE-2021-21972 in vCenter Server, which allowed remote code execution. After the vendor's security updates appeared in early February and the bulletin was published, Bad Packets researchers discovered multiple network scans conducted to find vulnerable hosts. We strongly recommend installing the security updates as soon as possible,” says Dmitry Serebryannikov, director of security analysis, Positive Technologies.
- The number of attacks increased by 17% compared to Q1 2020, with 77% being targeted attacks and incidents with individuals accounting for 12% of the total.
- Ransomware remains the most common malware.
- Research also finds the number of attacks targeting IT companies remains consistently high for the second quarter in a row. In 15% of cases during Q1 2021, hackers targeted IT companies to conduct an attack on their customers or to steal customer data.
“Malware developers keep looking for new ways to bypass security tools. They’re using unpopular programming languages to fly under the radar, as in the case of BazarBackdoor (a remote access tool), which was rewritten in Nim. The operators of Vovalex and RobbinHood (ransomware programs) chose uncommon languages such as D and Golang, respectively, from the get-go. Some attackers upgrade their tools with features that erase traces of malicious activity,” adds Positive Technologies analyst Yana Yurakova.