hamburger

BitDam Blog

Alex Livshiz
Alex Livshiz
4 minutes & 4 seconds read · January 20, 2020

Trends in Cyberattacks: The Villains of 2019

Trends in Cyberattacks: The Villains of 2019

It seems that no sooner has the world recovered from one cyberattack, that another one hits and causes a tremendous amount of damage. One of the main challenges faced by organizations and security professionals is the constantly evolving  nature of cyber attacks, as they have to keep changing their methods in order to stay effective.
Interestingly, our research shows that many major cyber attacks originate from one of only a handful of “families” – and that understanding the constantly evolving nature of these attacks is a key step in ensuring you stay protected.

Cyber Attack Trends

We pooled the collective knowledge of cyber experts to map global cyber attack trends over time. Using data from Twitter, we mapped the key attack families and looked at the number of instances of each, over time. This exposed some fascinating trends and their intersection with major cyber events.

The Villains: Most Prominent Cyber Attacks of 2019

The most prominent cyber attacks of this period were variations of the following:
Emotet

  1. A polymorphic banking trojan. It was unveiled in 2014, mostly in Europe, followed by the USA
  2. Spread through malicious JavaScript files
  3. Emotet is able to intercept network traffic in order to access bank and financial accounts. When running in a sandboxed environment, Emotet changes its behavior to avoid detection
  4. Today, it spreads to new computers using malspam campaigns, mostly through links and macro-enabled documents
  5. Uses a shortlist of targets for maximum effectiveness
  6. Has more than 30,000 variants

WannaCry 

  1. A ransomware worm that was widely spread in May 2017. It said to have affected more than 200,000 computers across 150 countries
  2. The damages WannaCry caused are estimated in the hundreds of millions of dollars
  3. It’s estimated that North Korea was behind the attack
  4. Has more than 12,000 variants

Trickbot

  1. A trojan-type malware designed to steal private data
  2. First identified in late 2016
  3. Has more than 2,000 variants

GandCrab 

  1. A form of ransomware that encrypts all files and changes extensions
  2. The GandCrab family consists of numerous variants, including GDCB, KRAB, CRAB virus, GandCrab 2, 3, 4, and 5
  3. As of March 2019, the GandCrab family has spawned 9 distinct variants along with subversions that have reached v5.2

Dridex

  1. Also known as Bugat and Cridex is a form of malware that specializes in stealing bank credentials via a system that utilizes macros from Microsoft Word
  2. Has more than 20,000 variants

The graphic shows how Emotet and its variants were the dominant cyberattack over this period, with WannaCry trending strongly over parts of the year, along with Trickbot and GandCrab. Dridex’s impact was almost constant throughout the year.

Cause and Effect: Cyber Attack Trends of 2019

What caused certain cyberattacks to trend over 2019? Why did some cyber attacks “come from nowhere”, while others suddenly spiked after lying dormant for long periods of time?Spikes and major changes intersected with the following news pieces and events.

  1. 01/01/19: Emotet campaigns resurge after the holidays
  2. 14/04/19: Microsoft (and later the NSA) warn of a major vulnerability (CVE-2019-0708) that can lead to a WannaCry-like attack and spread quickly
  3. 01/06/19: GandCrab creators shut down operations after making huge profits
  4. 18/07/19: Trickbot begins to be distributed using fake Office 365 websites
  5. 24/09/19: New Emotet variants are seen in the wild

One of the key takeaways here is that these attack families keep evolving and new variants emerge constantly. How can you ensure you will be protected when the next one emerges?

The Continuously Changing Nature of Cyber Attacks

It cannot be emphasized enough: cyber attacks keep changing in order to avoid detection and to stay effective. The kicker? These changes are due to automation used by attackers.
While 5 main “families” of cyber attack are followed in the graphic, each of these has spawned thousands of subsets and variants and is creating more as you’re reading this. Without much work from the attackers’ side, these cyber attacks are morphing slightly each time, much like viruses “drift” and “shift” in the real world. Thus, they bypass existing security solutions. These “unknown threats” or “everyday unknowns” are generated all the time. And by the time the security solutions recognize and block them, new unknowns have already been created. This renders them impervious to techniques such as smart signatures and threat hunting. Timing is also key here. By the time security solutions identify these “everyday unknowns” as threats, organizations are already exposed. This may take hours or even days.

Automation in Cyber Attacks: A Growing Trend

This trend of automation in cyber attacks is expected to continue and even grow in 2020. We’ve published in-depth studies that show how hackers plan their attacks. Automation and in-built evolution are now a permanent part of an advanced attacker’s arsenal.
The traditional security tools currently in use by most enterprises are no longer capable of dealing with this new automated threat.
To check if your current email security protects you from these attacks, use BitDam’s Breach & Attack Simulation tool, available at https://bitdam.com/bas/.

Schedule a Demo

Enter your email to get a free trial invitation