Positive Technologies has released its recent Cyber Threatscape report, an analysis of Q2 2020 cyberincidents. The report says that there is evidence that ransomware operators have started cooperating with each other.
In the second quarter of 2020, the number of attacks increased by 9 percent compared to the first quarter—and by 59 percent compared to the second quarter of 2019. April and May 2020 were record-breaking in terms of the number of successful cyberattacks, likely the result of epidemiological and economic turmoil. Significant world events consistently lead to increases in cybercrime, providing fertile ground for social engineering attacks.
Among social engineering attacks in Q2 2020, 16 percent capitalized on the COVID-19 pandemic (compared to 13% in Q1). More than a third (36%) of such attacks did not target a specific industry, 32 percent targeted individuals, and 13 percent were aimed at government institutions.
The report shows that manufacturing and industrial companies are receiving a significantly larger share of attacks than before. Among attacks on organizations in Q2, such companies were targeted in 15 percent of cases, compared to 10 percent in Q1. Ransomware operators and cyberespionage APT groups are among those who seem to be the most interested in industrial companies.
Positive Technologies analyst Yana Avezova said: “Ransomware is one of the fastest-growing varieties of cybercrime. Groups now routinely threaten victims with publication of data if the victim fails to pay up. To sell the stolen data, many ransomware operators create special data leak sites where they publish a list of victims and the stolen information. Others publish the data on hacker forums. The operators of LockBit and Ragnar Locker went even further, teaming up with the “industry leader” Maze. The Maze operators now publish data stolen by other groups on their data leak site. Together, the groups have formed the so-called Maze cartel.”