The current threat report from G DATA CyberDefense shows that companies are increasingly being targeted by cyber criminals. While the number of averted cyber attacks on private users has changed only slightly - an increase of 1.9 percent when comparing the first quarter of 2020 with the first quarter of 2021 - the number of attacks on companies has increased significantly. The number of attacks averted between January and March of this year was 61.7 percent higher than in the same period last year. This period also includes numerous attacks on Exchange servers, which have caused - and will continue to cause - problems for many companies.
Attacks are becoming more and more professional
In addition to Qbot, a noticeable number of remote access Trojans (RATs) are currently active. More than 30 percent of averted attacks were carried out using AveMariaRAT or njRAT. RATs enable remote control and administrative monitoring of a third-party computer without the user noticing. Among other things, attackers can view the victim's desktop, log keystrokes, access the camera, steal the login information stored in browsers or upload and download files.
Current RAT campaigns in particular show that the trend is moving towards ever more professional cyber attacks. Criminals increasingly work in a division of labour, assembling individual components into a modular infection chain and marketing them in a malware-as-a-service model. A detailed analysis of a current campaign by the Aggah group shows that, after the user has activated a malicious macro in a phishing email, the attackers try to deactivate protection and detection mechanisms on the infected computer. The initial script checks which endpoint protection solution is installed on the system and then selects the next script to trick that protection solution. In addition, the attackers are modularising their infrastructure by storing malicious code on text-sharing platforms such as Pastebin and calling it from there.
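For defenders, the modular chain described above leaves several weak signals that become meaningful when correlated per process tree. The following sketch is an added example, not taken from the G DATA report: the event format, host names, signal names and command lines are constructed, and it assumes the endpoint-protection check is visible as a Security Center WMI query, which the report does not specify.

```python
import re
from collections import defaultdict

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe"}
PASTE_RE = re.compile(r"https?://(?:www\.)?pastebin\.com/", re.I)  # platform named in the text
# Assumption: the endpoint-protection check shows up as a Security Center WMI query.
AV_QUERY_RE = re.compile(r"SecurityCenter2|AntiVirusProduct", re.I)

# Constructed process-creation events: (host, pid, parent pid, image, command line)
EVENTS = [
    ("ws-01", 100, 1, "WINWORD.EXE", "WINWORD.EXE invoice.docm"),
    ("ws-01", 101, 100, "powershell.exe",
     "powershell.exe Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct"),
    ("ws-01", 102, 101, "wscript.exe", "wscript.exe next.vbs https://pastebin.com/raw/CONSTRUCTED"),
    ("ws-02", 200, 1, "powershell.exe", "powershell.exe Get-ChildItem C:\\Reports"),
    ("ws-03", 300, 1, "chrome.exe", "chrome.exe https://pastebin.com/"),
    ("ws-04", 400, 1, "EXCEL.EXE", "EXCEL.EXE budget.xlsm"),
    ("ws-04", 401, 400, "cmd.exe", "cmd.exe /c dir"),
]

def office_root(host, pid, procs):
    """Walk up the parent chain and return the pid of an Office ancestor, if any."""
    seen = set()
    while (host, pid) in procs and pid not in seen:
        seen.add(pid)
        ppid, image = procs[(host, pid)]
        if image.lower() in OFFICE:
            return pid
        pid = ppid
    return None

def detect_chains(events):
    """Return {(host, office pid): signals} for chains with at least two signals."""
    procs = {(h, pid): (ppid, img) for h, pid, ppid, img, _ in events}
    chains = defaultdict(set)
    for host, pid, ppid, image, cmd in events:
        root = office_root(host, ppid, procs)
        if image.lower() not in SCRIPT_HOSTS or root is None:
            continue
        chains[(host, root)].add("office_spawned_script")
        if AV_QUERY_RE.search(cmd):
            chains[(host, root)].add("security_product_inventory")
        if PASTE_RE.search(cmd):
            chains[(host, root)].add("paste_site_fetch")
    return {k: sorted(v) for k, v in chains.items() if len(v) >= 2}

if __name__ == "__main__":
    for (host, pid), signals in detect_chains(EVENTS).items():
        print(host, pid, signals)
```

Requiring two signals under the same Office ancestor keeps a lone script host started from a spreadsheet, or a browser visit to a text-sharing site, from raising an alert on its own.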