The researchers observed a 4.8% decline in unique attacks in Q3 compared to the previous quarter, the first time they have recorded a reduction since the end of 2018. They said that this trend was primarily by a decline in ransomware attacks and the fact that a number of large cybercrime gangs have seen their activities curtailed by law enforcement. This includes successful actions against the notorious REvil ransomware group, which US authorities forced offline in October.
Positive Technologies recorded 45 ransomware attacks in September, representing a 63% reduction compared to the peak number of attacks in April (120).
The decline in ransomware helped explain why attacks aimed at compromising corporate computers, servers and network equipment fell from 87% to 75% quarter-on-quarter, according to the authors.
The report also noted a rebranding of a number of existing ransomware gangs in Q3. For example, some of these threat actors are rethinking their preference for ransomware-as-a-service (RaaS) due to concerns about relying on third parties.
Ekaterina Kilyusheva, head of research and analytics at Positive Technologies, commented: “In Q2, we predicted that one of the possible scenarios of ransomware transformation would be that groups abandon the RaaS model in its current form. It is much safer for ransomware operators to hire people who will deliver malware and search for vulnerabilities as permanent ‘employees.’ It will be safer for both parties, as more organized and efficient all-in-one forms of cooperation can be created. In Q3, we saw the first steps in this direction. An additional boost for this transformation is the development of the market of initial access.”
While the overall malware attacks fell by 22% over this period, the analysis revealed a significant increase in the use of remote access Trojans, driven by attackers’ growing desire to access data. In regard to attacks against organizations, the share of remote access Trojans increased from 17% to 36%. Against individuals, it made up over half of all used malware.
Another notable trend outlined in the study was that the share of attacks conducted by APT groups rose to 5% in Q3. The researchers believe this is due to a large number of phishing and intelligence campaigns against employees of government agencies, industrial enterprises and media workers.