Positive Technologies experts analyzed current cyberattacks in the first quarter of 2022. The analysis showed that the total number of attacks increased by 14.8% compared to the fourth quarter of 2021. New trends in attack methods have also emerged, among them the spread of malware aimed at destroying data.
According to the study, in the first quarter of 2022, the number of attacks increased by 14.8% compared to the fourth quarter of 2021. Experts attribute this to the escalating confrontation in cyberspace. Government and medical institutions and industrial organizations were attacked most often. There is a noticeable change in the top five most attacked industries: the media now appear among them. The share of attacks directed at this industry is 5%.
In the first quarter of 2022, the number of attacks directed at state institutions almost doubled compared to the fourth quarter of 2021. The attackers mainly aimed to disrupt the core operations of organizations and to steal confidential information.
In the second half of the quarter, experts noted a surge in attacks on the web resources of various government agencies. The share of attacks on web resources in the study period increased to 22%, compared to 13% in the previous quarter. The share of attacks made possible by compromised or guessed credentials also increased. Such attacks mostly targeted web resources and company accounts on social networks. The attackers mainly aimed to steal confidential information: for organizations, this is primarily personal data (34%), as well as information constituting a trade secret (19%). Medical information (15%) and credentials (12%) were also in demand. In attacks on individuals, credentials were stolen most often (46%), as well as personal data (19%) and payment card data (21%).
Attackers are actively distributing infostealers (spyware aimed at stealing information, including credentials). Of particular interest are the credentials of various VPN services, which are subsequently sold on underground forums. Among the malware used in attacks on organizations, the share of spyware is 18%; in attacks on individuals it is 38%.
Positive Technologies experts noted the appearance of wipers that destroy data:
"In the first quarter of this year, we observed an increase in the number of attacks using wipers (malware for data deletion): for organizations, their share is 3%, and for individuals, 2%," says Ekaterina Semykina, research group analyst at Positive Technologies. "Among such 'purifiers' of data that became widespread in the first quarter are WhisperGate, HermeticWiper, IsaacWiper, DoubleZero and CaddyWiper. Interestingly, in some cases such malware simulated an attack by a ransomware program: messages were even sent to the victims with information about the ransom, but the decryption keys were not provided, and the data was irreversibly damaged. The ways of distributing wipers are diverse: for example, HermeticWiper was distributed through a network worm, and DoubleZero was contained in archives distributed in targeted phishing attacks. In the case of CaddyWiper, attackers usually already had access to compromised networks of organizations. In order not to become a victim of wipers, we recommend checking all files in a virtual sandbox environment and isolating business-critical network segments."
The full text of the analysis can be found on the Positive Technologies website.