AhnLab announced its ‘Security Threat Trends for the Third Quarter of 2022 (July-September)’, which analyzes malware statistics and cyber attack detection statistics.
AhnLab announced the security threat trends for the third quarter based on two data sets: ‘malware-specific statistics’, derived by running malware collected by ASEC (AhnLab Security Response Center), its malware analysis and response organization, through its dynamic malware analysis system ‘RAPIT’, and ‘statistics by attack type’, for which experts at AhnLab’s incident response team (CERT, Computer Emergency Response Team) analyzed the attack attempts that were detected and blocked.
In the third quarter, ‘Infostealer’, an information-stealing type of malware, accounted for the highest percentage, as it did in the first half, followed by ‘Downloader’ and ‘Backdoor’ malware, which are used for additional attacks.
According to analysis by AhnLab Security Response Center (ASEC), ‘Infostealer’, which steals various user information such as account information encrypted and stored in the user’s web browser, virtual currency wallet addresses, and files, recorded 55.1% of the total. It accounted for the highest proportion since the first half of last year. ‘Downloader’ malware, which downloads other types of malware, ranked second with 22.6%. ‘Backdoor’ malware, which carries out additional attacks by receiving commands from the attacker, ranked third at 16.4%, followed by ransomware (4.7%), banking (0.8%), and coin miner (0.4%).
Attackers can carry out secondary attacks using information stolen with Infostealer malware. In particular, account information can be used for various crimes, such as trading on the dark web, YouTube account takeover attacks, and distributing malware. In addition to using the latest version of antivirus, users should make efforts to manage their personal information, such as disabling the automatic login function and changing passwords periodically. Downloaders and backdoors, which ranked second and third, can also serve as tools for secondary attacks, such as installing additional malware and executing attacker commands, so security managers must perform periodic inspections of organizational systems and assets to prevent a chain of damage.
Additionally, in the third quarter, attacks targeting vulnerabilities in applications and the web accounted for 80% of the total, and among them, ‘scanning attacks’ that search for vulnerabilities showed an increase.
According to analysis by AhnLab Computer Emergency Response Team (CERT) experts of the attack attempts detected and blocked in the third quarter, ‘application vulnerability attacks (36%)’, which target vulnerabilities in various applications, occurred the most. ‘Web-based attacks (33%)’, which target vulnerabilities in web servers or in the database servers connected to them, or involve SQL injection attacks, ranked second. Next was ‘scanning attacks (11%)’, which search for vulnerability information about services running on the network.
The 1st to 3rd places are all attacks targeting vulnerabilities, and the three attack types combined account for 80% of the total. In particular, ‘scanning (vulnerability information collection) attacks’, which ranked 3rd, increased sharply in September (average 13,031 in July and August → 64,431 in September), which can be interpreted as a preparatory stage for a full-scale attack. Therefore, security personnel at organizations or companies must put more effort into security management, such as frequently checking web and application vulnerabilities and applying the latest security patches.
In the classification by industry, security threats were found to occur evenly regardless of specific industry groups, and the proportion of attacks on content industries such as broadcasting, game development, and education was relatively high.
As a result of AhnLab’s analysis of attack detection rates by industry in the third quarter, content-related industries such as broadcasting (16%), game development (14%), and education (11%) ranked in the top three. This was followed by dot-com (IT, 9%), heavy industry (8%), and insurance (7%).
Unlike the statistics on malware or attack types, the proportion of attacks by industry does not differ much from rank to rank, showing that attackers are carrying out attacks regardless of industry.
To prevent damage from these security threats, individuals within the organization must follow security rules such as ▲ refraining from executing attachments in emails of unknown origin ▲ applying the latest security patches for programs such as office SW, OS, and Internet browsers ▲ keeping antivirus software at the latest version and enabling its real-time monitoring function.
In addition, at the organizational level, preventative measures must be prepared, such as ▲ regular security checks and application of patches to PCs, OS (operating system), SW, and websites within the organization ▲ use of security solutions and implementation of security training for internal employees ▲ monitoring of authentication history for administrator accounts ▲ introduction of multi-factor authentication (MFA).
Jeon Seong-hak, head of AhnLab Research Institute, said, “If you look at the threat trends in the third quarter, you can see that theft of information such as account information and vulnerability attacks are prevalent across all industries.” He added, “These attacks can lead to larger cyber attacks in the future. We need to prepare by establishing a security system from an integrated perspective, not just from a territorial perspective.”
Source: Pangyo Techno Valley Official Newsroom