Q4 2020 in terms of DDoS attacks: DDoS market fall, bitcoin rise, careful prognoses.
With privacy more often than not being traded for convenience, we believe that for many 2020 has fundamentally changed how much privacy people are willing to sacrifice in exchange for security and access to digital services.
Kaspersky solutions blocked 666,809,967 attacks launched from online resources in various countries across the world; 173,335,902 unique URLs were recognized as malicious by Web Anti-Virus.
The pandemic has turned 2020 into a year of medicine and information technology. The remarkable surge in the criticality level of medical infrastructure, coupled with feasible across-the-board digitalization, led to many of our last year’s predictions coming true much sooner than expected.
Kaspersky solutions blocked 1,416,295,227 attacks launched from online resources across the globe. Ransomware attacks were defeated on the computers of 121,579 unique users.
If Q2 2020 surprised us with an unusually high number of DDoS attacks for this period, the Q3 figures point to a normalization. Judging by the number of unique targets, in comparison with last quarter, cybercriminals were more attracted by European, and less by the Asian countries.
Now, this unique year presents us with a new surprise: the second SAS in one calendar year! Once again, everyone can visit this online event.
Let’s talk about the structure of the firmware of an IoT device in order to get a better understanding of the different components.
During the second quarter, Kaspersky solutions blocked 899,744,810 attacks launched from online resources across the globe; as many as 286,229,445 unique URLs triggered Web Anti-Virus components.
Kaspersky solutions blocked 726,536,269 attacks launched from online resources across the globe; a total of 442,039,230 unique URLs were recognized as malicious.
Since the beginning of 2020, due to the COVID-2019 pandemic, life has shifted almost entirely to the Web. This is reflected in the goals of recent DDoS attacks, with the most targeted resources in Q1 being websites of medical organizations, delivery services, and gaming and educational platforms.
In the last quarter of the year, the number of both attacks and C&C servers fell sharply, while the number of extra-long attacks (over 400 hours) was the highest ever recorded in the history of our observations.
More than two years after the infamous Wannacry ransomware crippled medical facilities and other organizations worldwide, the healthcare sector seems to be learning its lesson, as the number of attacked medical devices in 2019 decreased globally.
With the dramatic increase in the amount and transfer speed of connected devices comes natural expansion and amplification of the threats. The evolution, development, and connectivity of numerous systems within 5G open the door for numerous threats.
The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.
A41APT is a long-running campaign with activities detected from March 2019 to the end of December 2020. Most of the discovered malware families are fileless malware and they have not been seen before.
In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.
While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations show that Kazuar was used together with Turla tools during multiple breaches in past years.