Criminals pick their targets
The top trend experts identified is that targeted attacks continue to outnumber mass attacks. Targeted attacks accounted for 65 percent of the total in Q3, compared to 59 percent in Q2. The most common targets for attackers are governments, industry, finance, science, and education.
In Q3, the share of cyberattacks aimed at data theft grew to 61 percent of all attacks on organizations and 64 percent of all attacks on individuals (compared to 58% and 55%, respectively, in the second quarter). The share of attacks with direct financial motivation was 31 percent.
One out of five attacks was directed against individuals. Almost half (47%) of all data stolen from individuals consisted of credentials (usernames and passwords). In attacks on organizations, personal data made up 25 percent of all stolen information.
Changing attack methods
Positive Technologies noted a reduction in cryptocurrency miner attacks, to just 3 percent of attacks against organizations and 2 percent of attacks against individuals. This may be due to the gradual transition by attackers to malware with multifunction capabilities. One example is the Clipsa Trojan, which can stealthily mine cryptocurrency, steal passwords, tamper with addresses of cryptocurrency wallets, and launch brute-force attacks against WordPress sites.
Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies said: "Social engineering remains as popular as ever among attackers, and actually almost doubled in use between Q2 and Q3 - from 37 percent to 69 percent. Cybercriminals steal millions by forging messages and sending phishing emails. They present themselves as belonging to a trusted company and send an invoice with their own bank account number. This has generated some major returns for criminals targeting large organizations. For example, Cabarrus County, North Carolina received an email stating that the account number of the county's construction contractor had changed and -not realizing that the message was a fake - the county transferred $2.5 million to an account belonging to cybercriminals instead of the contractor.
“Malware infections are increasing as well. Three quarters of attacks on organizations, and almost two thirds of attacks on individuals, involved malware infections. While infection of corporate infrastructure usually starts with a phishing email, infection of individuals tends to involve compromised websites, as was the case in 35 percent of attacks on individuals.”