A new report from Infoblox says that among the most common types of cyber crime in the third quarter of 2020 were phishing, non-payment/non-delivery schemes, extortion, and personal data breaches. Topping the list with the highest reported monetary losses were business email compromise and confidence/romance fraud and spoofing.
The report was based on threat activity publicly released from July 1, 2020 through September 30, 2020 and its analysis of malware campaigns and recent significant attacks. Infoblox mapped its analyses to the results of the FBI’s Internet Crime Complaint Center, which logged more than 460,000 complaints amounting to losses of over $3.5 billion.
“We see evidence that these trends will continue to increase over time due to expanding opportunities for exploitation by cyberattackers, such as the recent increase in teleworking,” Infoblox said. “Our researchers continue to see a large emphasis on email campaigns and socially engineered attacks designed to engage victims.”
“For the majority of threats to be successful, the intended victims must ‘interact and cooperate’ with the malware’s deception tactics,” Infoblox said. “COVID-19 and teleworking hacking opportunities also exploded during the quarter due to the rise in teleworking among commercial and government organizations. As a result of the pandemic unfolding quickly, organizations had to scramble to support a large-scale remote workforce.”
Some of the most commonly seen culprits in the report include:
The Valak malware loader delivers the IcedID banking trojan, which steals banking credentials, credit cards and other financial data.
Vidar steals credit cards, usernames, passwords and files, and can take screenshots of a user’s desktop and steal cryptocurrency wallets.
A malspam campaign delivering the Emotet banking trojan surfaced after a five-month hiatus by the threat actor. Emotet steals passwords, banking data and browser histories.
Qakbot, aka Qbot, steals victims’ banking information and files. It also has worm capabilities that allow it to spread itself to other systems on the same network.
MassLogger infostealer malspam
MassLogger, which was written using .NET, a programming framework developed by Microsoft, can log keystrokes and clipboard data, take screenshots and steal credentials from popular browsers.
njRAT malware, which is also known as Bladabindi and Njw0rm, is a remote access trojan and infostealer that can operate undetected on victims’ machines while sending sensitive information back to its command and control servers.
Metamorfo banking trojan
Metamorfo is a banking trojan that can steal sensitive financial information and exfiltrate it to a C&C server. It deploys evasive techniques to bypass security and deliver its payload.