The IT Nerd

With 732 million users worldwide, TikTok, a trending video-sharing platform, is one of today’s most popular social media networks. During the lockdown, the app’s short and amusing videos drew a lot of attention, but it was not long before cybercriminals took advantage of TikTok’s fame for their own gain.

According to the data presented by the Atlas VPN team, TikTok was the most impersonated app in Covid-19 related to Android app scams in the first half of 2021. There were a total of 88 TikTok copy-cat apps detected spreading FakeApp malware. 

Malicious applications impersonating organizations that give out free laptops to students were also highly prevalent. There were 37 bogus Android laptop registration applications detected in H1 2021. 

The third spot on the list is occupied by apps impersonating vaccine registration channels. Overall, 14 such malicious applications were found in the first half of this year.

Fake apps often imitate login pages of the official apps to harvest user’s credentials and other personal data. They are typically distributed through third-party app stores, but on occasion, fake apps make it to the official Google Play store as well.

Ruth Cizynski, the cybersecurity researcher and writer at Atlas VPN, gives advice on how to recognize fake applications:

“What makes fake apps so dangerous is that they are typically designed to look exactly like an official app, making them hard to spot. The best defense consumers have against falling prey to fake app downloads is knowing what to look out for. Reading the app‘s reviews, taking some time to research the developers, and reading the permissions agreement are just some of the things consumers should do before proceeding with an app.”

The US most affected by Covid-19-related threats

Apart from fake apps, cybercriminals have launched multiple other cyberattacks leveraging the global pandemic, including phishing campaigns, malicious URLs, as well as malware.

While cyberattacks were widespread across the world, some countries suffered more than others. In total, 35.9% of such threats affected the United States in the first half of 2021.

Other highly affected countries include Germany (18.9%), Colombia (10.5%), Italy (3%), and Spain (2.5%).

To read the full article, head over to: https://atlasvpn.com/blog/tiktok-was-the-most-often-forged-app-linked-to-covid-19-in-2021-h1

Cryptojacking is the unauthorized use of someone else’s device to mine cryptocurrency. It typically happens when a victim unknowingly installs cryptocurrency miner malware through a phishing link, malicious website, or software download, enabling the criminals to access the victim’s device.

According to the data presented by the Atlas VPN team, cryptocurrency miners were the most common malware family, with 74,490 such threats detected in the first half of 2021.

Crypto-mining malware is not easily discoverable on victims’ devices, making it a continuouslyprofit-generating cyberattack. The anonymity of cryptocurrencies is very convenient for threat actors, as they can benefit from their victims without being caught.

In addition to cryptocurrency miners, WannaCry ransomware threats were seen 61,068 times in the first half of 2021. WannaCry is a ransomware cryptoworm, which targets devices running the Windows operating system and spreads across networks.

What is more, malware detection infrastructure identified 39,612 webshell threats in H1 2021. A webshell attack happens when a malicious user successfully exploits web servers and enables remote access to the affected machines.  

Security infrastructure also detected 39,095 Downad adware threats and 35,276 Nemucod trojan threats.

Cybersecurity writer and researcher at Atlas VPN William Sword shares his thoughts on cryptocurrency mining malware:

“Cryptocurrency mining malware has allowed cybercriminals to earn profit with more efficiency and less effort. Unfortunately, attack victims are often left with higher electricity bills and slower device performance, the latter of which can make them more susceptible to information theft, hijacking, and other subsequent cyberattacks. ”

Most active crypto miners

Cybercriminals seek to infect as many computers as possible to increase their profits. Different types of crypto miners help hackers turn computers into robots with one task only — generating more cryptocurrency. 

The most active cryptocurrency miner in the first half of 2021 was MalXMR, with 44,587 detections.

Coinminer came up second with a total of 8,533 detections in H1 2021. Coinminer can usually be found on Android phones in fake versions of popular apps from third-party sources. Some crypto miners were even found on Google Play Store apps.  

Other active crypto miners in the top five include ToolXMR (6,419), CoinMine (4,082), andMalBTC (2,328).

To read the full article, head over to: https://atlasvpn.com/blog/crypto-miners-were-the-most-detected-malware-family-in-h1-2021

Facebook has had its fair share of security mishaps over the years, and 2021 is no exception. This may explain why a record number of people in the United States are scouring the web for information about Facebook account hacks.

According to the data analyzed by the Atlas VPN team, average monthly searches for the keyword ‘Facebook account hacked’ have grown by a whopping 93% since last year. This year alone, US internet users have looked up the keyword 159,000 times compared to 82,300 times in the entire year of 2020.

If we look at the historical data, the searches for the keyword ‘Facebook account hacked’ have increased a whopping 188% since 2016 when they were at 55,208

The keyword reached a record number of monthly searches in July of 2021 when it hit 40,000. The second most searches for the keyword were recorded in April of this year, totaling 28,000. Meanwhile, May 2021 occupies the third spot on the list with 25,000 searches.  

Peaks in the keyword searches this year coincide with Facebook’s security crisis. In April, sensitive data, including phone numbers of 533 million Facebook users from 106 countries was scraped and posted on a hacking forum.

Ruth Cizynski, the cybersecurity researcher and writer at Atlas VPN, shares her thoughts on the situation: 

“While Facebook had its fair share of security and data breaches in the past, Internet searches about hacked Facebook accounts only blew up this year. It suggests that people are getting more conscious about their cybersecurity. ”

To read the full article, head over to: https://atlasvpn.com/blog/us-online-searches-for-facebook-account-hacked-surge-93-percent-ytd

Cybercriminals are constantly attempting to exploit vulnerabilities that affect as many people as possible to maximize their profit opportunities.

According to the recent Atlas VPN team findings, Google and Microsoft accumulated the most vulnerabilities in the first half of 2021. Although not all exposures can cause critical damage, hackers could exploit some of them for severe attacks.

Google had 547 accumulated vulnerabilities throughout the first half of 2021. Exploiting Google products like Chrome is popular among cybercriminals. 

Next up, the second most exposures were found in Microsoft products — 432. State-sponsored threat actors from China abused Microsoft Exchange Server vulnerabilities to carry out ransomware attacks.

Oracle registered 316 total vulnerabilities in the first six months of 2021. Usually, the exploits are found in Oracle WebLogic Server, which functions as a platform for developing, deploying, and running enterprise Java-based applications. 

Networking hardware company Cisco accumulated 200 vulnerabilities. Lastly, the producer of software for the management of business processes SAP had 118 exploits in total.

Cybersecurity writer and researcher at Atlas VPN William Sword shares his thoughts on Microsoft and Google vulnerabilities:

“Exploiting vulnerabilities in Google or Microsoft products allow cybercriminals to probe millions of systems. While the tech giants are doing a fair job of keeping up with exploits and constantly updating their software, people and organizations need to follow suit and keep up with the updates to prevent further exploitation.”

Vulnerability tiers

Exploits that can be turned into a severe attack get more attention from cybercriminals and companies themselves to fix the flaw as soon as possible.

In the first half of 2021, there were 1,023 vulnerabilities found with a risk tier of 10. One of the exploits that applied to such a tier is CVE-2021-22986, with a score of 9.8.

National Vulnerability Database (NVD) issued risk tier 9 to 927 vulnerabilities. At this tier, exploit CVE-2021-28111 stood out with a score of 8.8.

NVD recorded most vulnerabilities at a risk tier of 8 — 2,164. A notable exploit was CVE-2021-24092, with a score of 7.8.

Finally, NVD recorded 501 vulnerabilities at risk tier 7. While second-most vulnerabilities — 1,765 — were found at tier 6.

To read the full article, head over to:https://atlasvpn.com/blog/google-and-microsoft-accumulated-the-most-vulnerabilities-in-h1-2021

According to data presented by Atlas VPN, social media attacks on payment services increased by 561.8%, comparing 2021 Q1 to 2021 Q2. Social media platforms have many weak points that allow threat actors to carry out various types of internet crime. 

The data is supplied by PhisLabs, where researchers analyzed hundreds of thousands of phishing and social media attacks targeting enterprises, their employees, and their brands. 

“There are countless attack vectors, and social media has not been at the forefront for most threat actors. Yet, we see a different trend in the first half of 2021 – cybercriminals increasingly use impersonation, fraud, and other cyber threats to attack businesses on social media,” says Edward Garb, a cybersecurity researcher at Atlas VPN. 

While attacks on payment services increased the most, other industries also experienced significant growth in threats.  

Hospitals and healthcare enterprises also saw a massive jump in attacks. Attacks on healthcare companies increased by 187.8%. Hackers also carried out significantly more attacks on businesses in the broadcast media industry, with a steep surge of 112.5%. 

Fraud looms on social media  

Individuals and brands encounter various types of threats on social media. Here, we will analyze the most prominent attack types in 2021 Q2. 

Fraud is by far the most common type of internet crime that plagued businesses. Nearly half of the threats encountered (45.6%), fall under the fraud category. Compared to Q1, fraud threats escalated by 23.7%.

To read the full article, head over to: https://atlasvpn.com/blog/social-media-threats-for-payment-services-jump-over-550-in-2021-q2

The recent Taliban takeover of the government in Afghanistan has brought a lot of chaos upon the nation. Cybercriminals are seeing that such disorder in the country is another chance for them to benefit. 

According to the Atlas VPN team data analysis, Afghanistan became the primary target for ransomware attacks worldwide. in the last month. Providing security for companies’ staff and customers will be extremely difficult in now Taliban-ruled land. 

In the past 30 days, cybercriminals launched 1.77% of all ransomware attacks at Afghanistan. Hackers noticed that businesses in the Taliban governed country right now are very vulnerable. 

While businesses are trying to adapt to a new political system, they also have to worry about the uprising of ransomware. The Taliban coup has made it difficult for local small companies to continue operating due to disruptions in the supply chain and transportation. 

A successful ransomware attack on the local Afghanistan business could ruin it completely. The company would have a tough time paying the ransom as bank owners fear completing business transactions while thousands of Afghans are standing in crowds to withdraw their money. 

Other countries such as Papua New Guinea have suffered from 1.69% of ransomware attacks. Pakistan follows third, being threatened by 1.36% of attacks. 

Cybersecurity writer and researcher at Atlas VPN William Sword shares his thoughts on ransomware attacks directed at Afghanistan: 

“Threat actors are launching ransomware attacks at Afghanistan during this challenging period. While organizations have to deal with the shortage of skilled workforce and cut foreign relationships, a cyberattack could mean the end of a company, worsening the economic situation in Afghanistan even more.”

Most used ransomware 

Most ransomware works similarly by encrypting the user’s information and asking for a ransom payment to unlock it. 

Trojan-Ransom.Win32.Wanna.m malware was used in 14.64% of ransomware attacks in the past month, making it the most popular. This family belongs to the WannaCry type malware, which encrypts user files. 

Next up is the Trojan-ransom.win32.Crypmodadv.gen ransomware which hackers applied in 9.79% of attacks. As soon as Trojan is injected, it will encrypt the victim’s computer while placing a ransom note with the requested amount. 

Following up is the Trojan-Ransom.WIN32.Phny.a ransomware exploited by 9.32% of cybercriminals. 

Lastly, we have Trojan-Ransom.win32.Crypren.gen and Trojan-Ransom.Win32.Wanna.zbu malware, which were used in 5.64% and 5.13% of ransomware attacks, respectively. 

To read the full article, head over to: https://atlasvpn.com/blog/afghanistan-became-the-primary-target-for-ransomware-attacks-in-the-past-month

According to the data presented by the team of Atlas VPN, 50% of businesses worldwide have experienced recurring attacks from the same hackers, with companies in the United Kingdom suffering the most.

What is more, out of the businesses that experienced repeated attacks, a whopping 61% of them did not remediate the breaches, leaving the companies vulnerable to any further attacks.

Companies in the UK have had the most repeat cybersecurity incidents — 55%, followed by organizations in North America (50%), Europe (49%), and Latin America (48%).

The top five security threats affecting organizations are cloud vulnerabilities (65%), denial of service attacks (60%), phishing and social engineering attacks (52%), malicious insider threats (45%), as well as DNS-based attacks (44%).

Low-value security alerts and shortage of staff are the main security  challenges for organizations

As cyber attacks are growing more sophisticated, breaches are becoming everyday events rather than worst-case scenarios. But what are the challenges that organizations face when dealing with cyber incidents?

The number one challenge of survey respondents is that their systems generate too many low-value security alerts. When security analytics systems cannot effectively prioritize alerts, it wastes the team’s time by asking it to clear low-value alerts while highly important alerts linger at the bottom of the queue. Therefore, 69% of companies see it as a significant challenge.

Shortage of staff is another prevalent issue. In total, 60% of companies have a shortage of in-house expertise that could utilize security technologies, 56% say they lack the staff to pick up the workload, while 53% lack employees or skills to deliver lasting data-driven outcomes. 

Ruth Cizynski, the cybersecurity researcher and writer at Atlas VPN, shares her thoughts on the situation:

“As long as organizations do not address existing vulnerabilities and security issues, they risk being hit by cybercriminals again. Organizations should prioritize internal processes that they can control over external security risks that they cannot. ”

To read the full article, head over to: https://atlasvpn.com/blog/50-of-companies-targeted-by-same-hackers-in-repeat-attacks

Even though infecting office documents with malware has been established for a long time, it is still very successful at tricking people.

According to recent Atlas VPN team findings, 43% of all malware downloads are malicious office docs. Harmful office files are popular among cybercriminals as they usually can evade many antivirus software from detection.

A year ago, in the second quarter of 2020, only 14% of all downloaded malware were malicious office docs. After that, in the third quarter of last year, the percentage jumped to 38%. 

Later on, downloaded malicious office documents slightly decreased to 34% in Q4 2020 and Q1 2021. Despite that, downloaded malware as office documents went right back up to new highs at 43% the next quarter.

One of the most dangerous malware EMOTET was spread via Word documents before being disrupted in early 2021 by global law enforcement. What made EMOTET dangerous is that it opened doors for other malware installations such as information stealers, trojans, and ransomware.

It seems EMOTET’s success spread quickly in cybercriminal groups, inspiring more hackers to try out a similar technique. Another reason for malicious document success is that they can bypass antivirus and tend to manipulate being a trustworthy source.

For example, cybercriminals would mask malicious files and emails during the pandemic as registration for the vaccine or other financial benefits. It is easier to make people fall for malware when it is associated with reliable documents.

Cybersecurity writer and researcher at Atlas VPN William Sword shares his thoughts on malware attacks:

“Cybercriminals have benefited from the popularity of Microsoft Office and Google Docs by inserting malicious code into the files. Organizations must implement and maintain a cybersecurity strategy addressing both the technological and human components to protect users from falling victim to malware threats.”

To read the full article, head over to: https://atlasvpn.com/blog/43-of-all-malware-downloads-are-malicious-office-documents

According to the data presented by the Atlas VPN team, social engineering cyberattacks were the primary cause of company breaches in 2020 at 14%, followed by advanced persistent threats (10%), unpatched systems (9%), and ransomware (9%).   

With social engineering attacks, criminals use a broad range of manipulation tactics to trick victims into giving out sensitive information or making security mistakes, such as revealing passwords, bank information, or giving away access to their devices.

Ruth Cizynski, the cybersecurity researcher and writer at Atlas VPN, shares her thoughts on the situation:

“The myriad of technology-based security solutions available today, such as anti-malware software, firewalls, and VPNs, give people a false sense of security. While these technological solutions do improve online safety, the reality is that most security breaches are caused by human error. No technology solutions will help if people will continue to fall for social engineering tricks.”

Overall, 35% of organizations claim they experienced an increase in attacks compared to a year ago, with over one-fifth (23%) of companies stating that threat actors took advantage of the COVID-19 pandemic to disrupt organization’s activities.

Companies fear cyberattacks will damage their reputation

No company is immune to cyberattacks, while their consequences can be devastating. Naturally, companies are concerned about cyberattack threats.

Corporate reputation is increasingly being recognized as the most important strategic asset in a company’s value creation. Therefore, the number one concern for organizations regarding cyberattacks is the damage to a company’s reputation. A whopping 78% of companies are afraid cyberattacks may harm their company’s image.

Next up is data breaches resulting in customer physical or financial harm. Damage to clients is a major worry for 69% of organizations. Meanwhile, 49% of companies are also distressed about cyberattacks on the supply chain or business disruption.

To read the full article, head over to: https://atlasvpn.com/blog/social-engineering-attacks-were-responsible-for-the-majority-of-business-breaches-in-2020

Decentralized finance (DeFi) is a system that allows for financial products to become available on a public decentralized blockchain network.

According to the recent Atlas VPN team findings, DeFi related hacks make up 76% of major hacks in 2021. In addition, many fraudsters have started fake DeFi projects to benefit from the crypto industry hype.

Even though the first Ethereum based protocol MakerDAO for DeFi was released in 2017, hacks abusing the system were not recorded until 2020. In 2019, money lost to hacks was mostly from phishing, ransomware, and other cyberattacks.

A year later, in 2020, DeFi hacks already made up one-quarter of all funds lost to hacks that year — $129 million. One of the biggest DeFi hacks that happened last year was the attack on Harvest Finance that resulted in a loss of over $24 million.

In the first half of 2021, DeFi hack losses have reached $361 million, surpassing last year’s total losses by 180%.

Cybersecurity writer and researcher at Atlas VPN William Sword shares his thoughts on DeFi hacks and fraud:

“The crypto industry has generated a lot of excitement, however, many newcomers are unaware of the risks. Lack of regulation in the crypto industry allows cybercriminals to thrive either by hacking less secured DeFi projects or by carrying out rug pull scams. For DeFi to become more legitimate, it is essential to establish security and business regulations.”

DeFi crime is on the rise

All DeFi crimes generally fall into one of the two categories: outside agents hacking the DeFi protocol or a rug pull conducted by insiders.

DeFi fraud and hacks combined for a total of $474 million lost in the first half of this year. As established before, DeFi hacks made up $361 million of the total loss, while $113 millionwere stolen by DeFi fraudsters.

This year, the biggest DeFi hack happened in May when the PancakeBunny protocol faced a flash loan exploit that extracted $45 million worth of crypto assets. The immediate sale of these tokens made the price of BUNNY tokens sink from $146 to $6.

In June 2021, DeFi project WhaleFarm rug pulled $2.3 million from investors. After running just for a few days, the project’s anonymous developers vanished with the funds while their token lost 99% of its value.

To read the full article, head over to: https://atlasvpn.com/blog/defi-related-hacks-account-for-76-of-all-major-hacks-in-2021