Positive Technologies: cyberattacks via social networks and messengers are increasing

Positive Technologies has analyzed the Q4 2022 cybersecurity threatscape. The analysis showed an increase in the number of spyware attacks against organizations and individuals. Experts noted an 18% increase in the share of attacks against IT companies and the growth of attacks against individuals via social networks and messengers.

According to Positive Technologies, the number of cyberattacks increased by 15% compared to the same period in 2021. There were outages in critical infrastructure, and major leaks of user data and product source code. Cyberattacks most often resulted in leaks of confidential information (51%) and disruption of core activity (36%). Q4 was marked by high-profile data leaks, including a leak of UEFI/BIOS source code, theft of repositories as a result of a phishing attack on Dropbox, and a breach of the Level.Travel customer information database. In attacks against organizations, attackers most often targeted personal data (38%) and intellectual property (20%). Attacks against individuals were mostly aimed at stealing login credentials (44%), personal data (29%), and bank card details (17%).

The top three attacked industries included government organizations (14%), medical institutions (11%), and industrial enterprises (8%). Attackers mostly used malware (57% in attacks against organizations and 46% in attacks against individuals) and social engineering techniques (42% and 94%, respectively). In 44% of attacks, hackers exploited vulnerabilities.

The share of attacks involving spyware grew to 17% of attacks against organizations and 49% of attacks against individuals, which is 5 p.p. and 3 p.p. more, respectively, than in the previous quarter. Attackers created new malware and extended its functionality, while the spread of spyware under a "malware-as-a-service" scheme made this malware accessible even to low-skilled attackers. There was also an increase in cases of spyware code being embedded in Python packages. This can result in a growing number of supply chain attacks leading to the compromise of IT companies' networks.

In Q4, we saw increased usage of remote-control malware: the share of attacks on organizations using such malware increased by 6 p.p. compared to the previous quarter.

In Q4, Positive Technologies noted a more than twofold increase in the number of attacks on insurance companies compared to Q3. In 73% of these attacks, information about clients was leaked: mostly personal data, and in some cases medical information. Stolen data can be used by cybercriminals for further attacks on customers or sold on the dark web. Ransomware operators are eager to get their hands on insurance information, because if they find out that an organization has cyberinsurance that covers the ransom, it becomes an easy target: such organizations are very likely to pay up.

The number of attacks against IT companies increased by 18% in Q4. In 62% of such attacks, criminals used malware; these were predominantly ransomware attacks aimed at stealing confidential information and obtaining a ransom. The victims included software vendors serving organizations from various industries. As a rule, such attacks have serious consequences not only for the supplier but also for its customers, as in the attack on Supeo, an IT service provider for a Danish railway company.

Fedor Chunizhekov, Information Security Analyst at Positive Technologies, comments: "Attacks on individuals via social networks and messengers have been increasing since Q3 2022. The share of stolen credentials increased by 5 p.p. compared to the previous quarter. Most of the attacks using social networks and messengers are aimed at collecting credentials and hacking accounts; compromised accounts are then used for further attacks on users. Considering the types of incidents we’ve seen in Q4 2022, we strongly recommend that you treat messages from instant messengers and social networks with caution: check the sender and don’t click on any suspicious links to avoid becoming a victim of social engineering or having your device compromised by malware."

In addition to general recommendations for personal and corporate cybersecurity, we advise organizations to thoroughly investigate all major incidents to identify the points of compromise and the vulnerabilities exploited by attackers, and to promptly verify that the criminals did not leave any backdoors. Security at the corporate perimeter can be strengthened with up-to-date security tools such as web application firewalls for protecting web resources. To prevent malware infection, we recommend using sandboxes to analyze the behavior of files in a virtual environment and detect malicious activity.