In Q3 2021 there has been a decrease in the number of unique cyber attacks, however there's been an increase in the share of attacks against individuals, and also a rise in attacks involving remote access malware.
This is according to a new Positive Technologies report that found the number of attacks in Q3 decreased by 4.8% compared to the previous quarter, marking the first time since the end of 2018 that Positive Technologies has recorded a negative trend.
The researchers believe one key reason for the change is the decrease in ransomware attacks and the fact that some major players have quit the stage.
This is also why the share of attacks aimed at compromising corporate computers, servers, and network equipment has fallen, from 87% to 75%, the researchers state.
Positive Technologies head of research and analytics Ekaterina Kilyusheva says, "This year we saw the peak of ransomware attacks in April when 120 attacks were recorded. There were 45 attacks in September, down 63% from the peak in April.
"The reason is that several large ransomware gangs stopped their operation, and law enforcement agencies started paying more attention to the problem of ransomware attacks - due to recent high-profile attacks.
Positive Technologies also noted a trend toward the rebranding of existing ransomware groups. Some operators are rethinking their preference for the Ransomware as a Service (RaaS) scheme, which carries certain risks from unreliable partners.
Kilyusheva says, “In Q2, we predicted that one of the possible scenarios of ransomware transformation would be that groups abandon the RaaS model in its current form.
"It is much safer for ransomware operators to hire people who will deliver malware and search for vulnerabilities as permanent employees.
"It will be safer for both parties, as more organised and efficient all-in-one forms of cooperation can be created. In Q3, we saw the first steps in this direction. An additional boost for this transformation is the development of the market of initial access."
Positive Technologies research shows that although the share of malware attacks on organisations decreased by 22%, the attackers' appetite for data also led to an increase in the use of remote access trojans.
In attacks on organisations, this share grew from 17 to 36%, whereas in attacks against individuals, remote control trojans made up more than half of all used malware.
In Q3 the share of attacks involving remote access trojans increased 2.5 times over Q1. Positive Technologies' analysis shows that in Q3, the share of attacks conducted by APT group increased to five percent of the total number of attacks against users.
This was likely due to numerous phishing and intelligence campaigns against employees of government agencies, industrial enterprises, and media workers, the researchers state.
Compared to the same period last year, the share of social engineering attacks against individuals increased from 67 to 83%.
Moreover, criminals are constantly improving malicious techniques, for example, by tricking victims into calling fraudulent call centres, which is what happened with the BazaCall malware and ransomware campaign.
Positive Technologies advises organisations and users alike to adhere to general recommendations for ensuring corporate and personal cybersecurity in order to not for the usual cyber attack techniques.