Avast company released its Q1/2022 Threat Report which reveals cyber threats revolving around the russia’s physical war against Ukraine.
The latest report shines light on a russia-attributed APT group attacking users in Ukraine, and DDoS tools being used against targeting russian sites, and ransomware attacks targeting companies in Ukraine.
Additionally, findings show that cybergangs have been affected by the physical war, causing a slight decline in ransomware, and the temporary discontinuation of the information stealer, Racoon Stealer.
Cyberwarfare: russia against Ukraine
Researchers often see parallels between what’s happening in the real world and the threat landscape when it comes to how threats are being spread and their targets.
In Q1/2022 there was a significant increase in attacks of particular malware types in countries involved in the war.
Compared to Q4/2021 there was:
– a more than 50% increase in the amount of remote access trojan (RAT) attacks
– more than 20% increase in information stealer malware attacks blocked in Ukraine, russia, and belarus, which could be used for information gathering or espionage
Besides, Avast Threat Labs blocked 30% more attempts to infect new devices to join botnets in russia, and a 15% increase in Ukraine, with the goal to build armies of devices that can carry out DDoS attacks on media and other critical websites and infrastructures.
They also blocked 50% less adware attacks in russia and Ukraine, which could be due to less people going online, especially in Ukraine.
Just before the war in Ukraine began, the Avast Threat Labs tracked several cyber attacks, believed to be carried out by russian APT groups.
Gamaredon, a known and active APT group, increased activity rapidly at the end of February, spreading their malware to a wide target pool, including consumers, searching for victims of interest in order to carry out espionage.
Ransomware called HermeticRansom, for which Avast released a decryptor tool for, was spread, presumably also by an APT group.
Ukraine war impacting cybercrime operations
Malware authors and operators have been directly affected by the war, such as the alleged death of the Raccoon Stealer leading developer, which resulted in the temporary discontinuation of the information stealer malware.
The Avast Threat Labs also continued to observe a slight decline of 7% in ransomware attacks worldwide in Q1/2022, compared to Q4/2021, which is believed to have been caused by the war in Ukraine, where many ransomware operators and affiliates operate from.
With this, ransomware attacks have decreased for the second quarter in a row.
In Q4/2021, the decline was caused by a cooperation of nations, government agencies, and security vendors hunting down ransomware authors and operators. Further causes for the decline could be one of the most active and successful ransomware groups, Maze, shutting down their operations in February, and the continued trend of ransomware gangs focusing more on targeted attacks on large targets (big game hunting) rather than on regular users via spray and pray techniques.
Mexico, Japan, and India, are exceptions, where the chance of a user encountering ransomware increased by 120%, 37% and 34% respectively in Q1/2022 compared to Q4/2021.
On the mobile side, bad actors are changing tactics when it comes to spreading adware and premium SMS subscriptions, which continue to be prevalent. While the Google Play Store has previously been used to distribute these threats, bad actors are now using browser pop-up windows and notifications to spread malicious apps among consumers.
Source: The Avast Threat Labs