The Wild, Woolly World of Cybercrime

Hong Kong-based security firm details astonishing rise in attacks

Cyber-attacks – primarily phishing expeditions – have hit astonishing levels, according to Trend Micro Inc., a Hong Kong-based cybersecurity firm, which said in a 44-page report that it is detecting 119,000 threats per minute as the world’s cyber outlaws attack homes, governments, and businesses in an effort to steal or extort money or perpetrate other crimes. It is a cybercriminal underground that is actually a thriving marketplace where products and services, including massive amounts of stolen data are sold, giving malicious actors easy access to tools and information that would otherwise be difficult for them to acquire.

“To say that 2020 was a year unlike any other would be understating the impact of the events that occurred throughout the year,” the report said. “For many organizations, sustaining a year-round remote work setup proved to be challenging, not just from a technological standpoint but from a human one as well. And this challenge was only exacerbated by the major security issues and threats that they had to deal with. Targeted ransomware continued to be a major concern in 2020.”

The document, issued on February 24, said home workers and infrastructure have come under renewed pressure from attacks, especially as the Covid-19 pandemic has kept more and more people working from home without the protections their corporate security departments usually provide. The report, “A Constant State of Flux: Trend Micro 2020 Annual Cybersecurity Report,” said attacks on homes soared in 2020 by 210 percent to reach nearly 2.9 billion raids, amounting to 15.5 percent of all homes with connections.

Newer, more sophisticated ransomware operators are more methodical than in the past, typically going after the high-value assets of organizations in critical industries, according to the report. “Their attacks also display an array of techniques such as exploiting unpatched vulnerabilities, abusing weak remote desktop protocol security, and using other malware families as part of the routines. Furthermore, whereas organizations in the past only had to worry about their data being encrypted, ransomware operators have taken things a step further, threatening to prevent organizations from accessing their data while also adding the possibility of leaking stolen data — typically via leak sites — if the victims fail to meet their demands.”

Because of the importance of the targets, ransom demands have increased exponentially over the past few years. According to the insurance company Coalition, the amount being extorted from its policyholders doubled from 2019 to the first quarter of 2020.

The threat against homes, businesses, governments and anything else with an internet connection that could be compromised has given rise to a huge, profitable and growing cybersecurity industry, with the biggest names, like the Santa Clara, California-based McAfee the industry leader and a global player providing security to governments, industries and even individual homeowners. McAfee’s net revenue was up 10 percent to US$728 million in the third quarter of 2020 alone. Another is Crowdstrike, which provides security services to 12 of the 20 Fortune largest global companies, 10 of the 20 largest financial institutions, and five of the top ten largest healthcare providers. In all, dozens of such security firms have come into existence to combat the threat.

According to another report, by Red24, a crisis management assistance company that delivers a range of products and services to businesses and individuals, the perps are the usual suspects. Russia leads the top 10 countries in cybercrime, with a black market valued at US$2 billion per year, hosting as many as 30 “highly capable cybercrime groups.” As the US government has reported repeatedly, Russia is also known for state-sponsored hacking.

China is second on the list of notorious cybercrime originators, with as many as 30 percent of attacks worldwide. China, according to Red24, “has been accused of perpetrating state-sponsored attacks against foreign governments and businesses.” China has one of the largest military groups of cyber experts in the world.

The others, in descending order, are Eastern Europe, Romania, Brazil, Nigeria, Vietnam, Indonesia and South Korea, with the United States bringing up the rear, a ranking that is suspect on the part of many critics. The US is known to have a huge military and government cyber capability that remains deeply hidden. 

Email-borne threats made up 91 percent of the 62.6 billion threats blocked by Trend Micro last year, indicating that phishing attacks continued to be hugely popular. The company detected nearly 14 million unique phishing URLs in 2020 as attackers targeted a growing number of home workers distracted by the coronavirus.

"In 2020, businesses faced unprecedented threat volumes hitting their extended infrastructure, including the networks of home workers. Familiar tactics such as phishing, brute forcing and vulnerability exploitation are still favored as the primary means of compromise, which should help when developing defenses," said Tony Lee, Head of Consulting of Trend Micro Hong Kong and Macau, in a prepared statement. "Global organizations have now had time to understand the operational and cyber risk impact of the pandemic. The new year is a chance to adjust and improve with comprehensive cloud-based security to protect distributed staff and systems."

Newly detected ransomware families increased 34 percent, with "double extortion" attacks -- where attackers steal data before encrypting it to force payment by threatening to release the stolen information -- and more targeted threats becoming increasingly popular. Government, banking, manufacturing and healthcare were the most targeted sectors. The number of vulnerabilities published by the Zero Day Initiative (ZDI) increased 40 percent year-on-year, but Trend Micro continues to see flaws from as far back as 2005 being heavily exploited. Many attacks targeted flaws in VPNs used by remote workers. Cloud service misconfigurations increasingly had consequences in 2020. Trend Micro observed exploitation of unsecured APIs in several cryptocurrency mining attacks.

The ZDI published 1,453 vulnerability advisories, nearly 80 percent of which were rated as Critical or High severity.

The Trend Micro report identified what it called older “ransomware families” such as “Ryuk,” which continued to attack organizations, joined by newer groups known as Egregor and DoppelPaymer, which conducted highly damaging operations against critical industries such as healthcare, government, and manufacturing at the forefront of the fight against the Covid-19 pandemic.

Despite the use of increasingly complex campaigns by threat actor groups, phishing remained a widely used strategy, owing both to its simplicity and to its effectiveness, the report indicated. Cybercriminals increasingly went after supply chains to circumvent security by indirectly compromising their suppliers and other partners.

“The attack on the SolarWinds Orion software showed how threat actors could infiltrate even the tightest security measures by finding and exploiting weak spots in the supply chain,” Trend Micro said. “The cloud and the internet of things (IoT) became crucial for the continued operations of many businesses. But their use also exposed organizations — especially those that had little time to prepare — to the risks associated with these technologies. Recurring issues such as cloud setting misconfiguration and weak credential management led to security incidents, often involving cryptocurrency miners deployed by malicious actors looking to capitalize on security gaps in the affected systems.”

This article is among the stories we choose to make widely available. If you wish to get the full Asia Sentinel experience and access more exclusive content, please do subscribe to us.