AhnLab announced ‘Security threat trends for the first half of 2022’, based on statistics by malware type and cyber attack detection statistics.
AhnLab analyzed ▲statistics by malware type, derived from the malicious code collected by the AhnLab Security Response Center (ASEC) using its dynamic analysis system ‘RAPIT’, and, from the attack attempts detected/blocked by experts from AhnLab’s Computer Emergency Response Team (CERT) while performing the ‘AhnLab Security Control Service’, ▲statistics by attack type and ▲attack detection rate by industry, and announced the security threat trends for the first half of this year.
Statistics by malware: ‘Infostealers’, which target information from individuals and organizations, account for the highest proportion
In the first half of this year, information leak-type malware accounted for the highest percentage, and various types of malware, including backdoor and banking malware, were also discovered.
According to analysis by the AhnLab Security Response Center (ASEC), ‘Infostealer malware’, which steals various user information such as web browser account information, cryptocurrency wallet information, and email or VPN client information, accounted for the highest percentage at 66.7% of the total. In second place was ‘Backdoor malware’, which attackers install on systems for the purpose of carrying out future attacks, accounting for 18%. ‘Banking malware (6.7%)’, which steals users’ financial information, and ‘Downloader malware (5.9%)’, which additionally downloads various malicious codes from an external server, followed.
Attackers can use account information stolen with ‘Infostealer malware’ for secondary attacks. ‘Backdoor malware’, which ranked second, can also perform additional malicious actions by receiving external commands. Accordingly, special caution is required, as more serious attacks, such as internal infiltration, leakage of key confidential information, and ransomware infection, may occur against companies and organizations in the future.
Statistics by attack type: Prevalence of attacks targeting web and application vulnerabilities
As many cyber attacks exploiting vulnerabilities were detected in the first half of this year, attention to vulnerability inspection and management is required.
According to analysis by experts from AhnLab’s Computer Emergency Response Team (CERT) of the attack attempts detected/blocked in the first half of this year, the most common type of attack was ‘web-based attacks (41%)’, including web vulnerability attacks and SQL injection attacks. ‘Application vulnerability attacks (38%)’ ranked second, followed by ‘Scanning (information collection) attacks (7%)’.
In particular, security threats exploiting vulnerabilities in applications and the web are occurring regardless of an organization’s IT environment, including cloud and traditional server configurations. Therefore, security managers within an organization must frequently check vulnerabilities in the applications and web servers used and apply security patches immediately after distribution.
Attack detection rate by industry: High proportion of content sectors such as broadcasting and game development
Cyber attacks were carried out evenly across all industries, with a relatively high rate in content fields such as broadcasting and game development.
As a result of AhnLab’s analysis, in the first half of this year, attacks on the broadcasting sector accounted for the highest proportion at 17%, followed by the game development sector at 13%, showing a relatively high rate of attacks on the content and media sectors. In addition, attack attempts were detected targeting various industries, including education (10%) and the dot-com (IT) sector (9%).
It is presumed that the attackers were exploiting the fact that people working in the content/media field communicate and collaborate relatively frequently with the outside world via email. In particular, in the classification by industry, the variation in attack proportions by rank is not high compared to other statistics, showing that attackers are carrying out attacks regardless of industry group.
To prevent damage from these security threats, individuals within the organization must follow security rules such as ▲ refraining from executing attachments in emails of unknown origin ▲ applying the latest security patches for programs such as office SW, OS, and Internet browsers ▲ keeping antivirus software up to date and enabling its real-time monitoring function.
In addition, at the organizational level, preventative measures must be prepared, such as ▲ regular security checks and application of patches to PCs, OS (operating system), SW, and websites within the organization ▲ use of security solutions and implementation of security training for internal employees ▲ monitoring of authentication history for administrator accounts ▲ introduction of multi-factor authentication (MFA).
Jeon Seong-hak, director of AhnLab Research Institute, said, “Recently, attackers use complex attack methods and various malicious codes to target organizations.” He added, “In order to effectively respond to increasingly sophisticated cyber attacks, integrated solutions that are not limited to specific security areas such as endpoints or networks are needed. Threat information and security strategies are needed,” he emphasized.
Source: Pangyo Techno Valley Official Newsroom