Avast, the world leader in digital security and privacy, today released its Threat Report for the third quarter of 2021. In this period, the Avast Threat Lab observed an increased risk of businesses and consumers being attacked by ransomware and Remote Access Trojans (RATs). RATs can be used for industrial espionage, credential theft, harassment and even to carry out distributed denial of service (DDoS) attacks. Threat researchers also looked at innovations in the constantly evolving cybercrime space, with new mechanisms used by exploit kits and the FluBot mobile banking Trojan.
Ransomware and RATs put businesses at risk
In early Q3 2021, the world witnessed a massive supply chain attack on IT management software provider Kaseya and its customers, with the Sodinokibi / REvil ransomware. Avast Threat Labs detected and blocked this attack at more than 2.4k endpoints. Following political involvement, the ransomware operators released the decryption key and the Sodinokibi infrastructure went down, with no new variants seen until September 9, when Avast detected and blocked a new variant. Overall in Q3, Avast Threat Labs saw the risk ratio for ransomware attacks rise 5% from Q2, and even 22% from Q1 2021.
RATs were also a dangerous threat to businesses and consumers, and were more widespread in the third quarter than in previous ones. Avast detected three new RAT variants, including FatalRAT with anti-VM capabilities, VBA RAT, which exploits the Internet Explorer vulnerability CVE-2021-26411, and a new version of Reverse RAT with build number 2.0 that added capabilities for grabbing camera photos, file theft and anti-AV.
“RATs can be a fundamental threat to businesses, since they can be used for industrial espionage,” said Jakub Kroustek, Director of Malware Research at Avast. “However, RATs are also used against consumers, for example to steal their credentials, to add their computers to a botnet to direct DDoS attacks and, unfortunately, for cyberbullying, which can do massive damage to an individual’s privacy and well-being.”
Growing distribution of rootkits, innovation in exploit kits and mobile banking Trojans
The Avast Threat Lab also recorded a significant increase in rootkit activity at the end of the third quarter, which was one of the largest increases in activity in the quarter. A rootkit is malicious software that gives cybercriminals unauthorized access with the highest system privileges. Rootkits often provide services to other malicious programs running in user mode.
Another category of malware that seems to be making a comeback is exploit kits, with notable innovations such as targeting vulnerabilities in Google Chrome. The most active exploit kit was PurpleFox, against which Avast protected more than 6,000 users per day, on average. Rig and Magnitude were also frequent throughout the quarter. The Underminer Exploit Kit woke up after a long period of inactivity and began serving HiddenBee and Amadey sporadically. Some exploit kits, especially PurpleFox and Magnitude, are under active development, regularly receiving new exploit capabilities and features.
Avast also spotted new tactics on the mobile front
FluBot, an SMS banking threat on Android, changed its approach to social engineering. Jakub Kroustek said: “FluBot first spread by posing as delivery services to entice victims to download a ‘tracking app’ for a package they recently lost or should be waiting for. In the third quarter, Avast has seen novel scenarios in the spread of this malware.
An example is posing as voicemail recorders. Another is the false claim of leaked personal photos. The most extreme of these variants even lures the victim to a bogus page claiming that the victim was already infected by FluBot, when it probably hasn’t been yet, and tricks them into installing a ‘cure’ for the ‘infection’. This ‘cure’ would actually be the FluBot malware itself.”
FluBot continued to expand from where it stood in the second quarter, starting with Spain, Italy and Germany, and then spreading to the rest of Europe and other countries such as Australia and New Zealand.