The IT Nerd

Ransomware in the hands of cybercriminals can become a powerful weapon that could cause your business financial and reputational damage.

According to the recent findings by the Atlas VPN team, in 2021, 48% of ransomware attacks were directed at the United States. Furthermore, industrial and energy, retail, and finance industry businesses were among the most threatened sectors.

Out of 2,845 witnessed ransomware attacks worldwide, cybercriminals launched 1,352 of them at the US last year. Cybercriminals targeted businesses that affected thousands, if not millions of people, such as the cyberattacks on Colonial Pipeline, JBS Foods, and Kaseya.

Cybercriminals targeted French organizations in 146 ransomware attacks. Last year, French cybersecurity officials identified a ransomware affiliate group Lockean, responsible for many cyberattacks launched at companies in France.

Organizations in Canada fell victim to 140 ransomware attacks in 2021. Threat actors primarily launched attacks on large companies or critical infrastructure providers as they have the most resources to pay.

Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on ransomware attacks:

“Ransomware attacks rose significantly against businesses and government entities in 2021, a trend likely to carry on to 2022. While organizations are scrambling for more cybersecurity resources, educating your employees about the best cyber defense practices is just as important.”

Most targeted industries

Many hacker groups target giant corporations because their disruption causes the most harm.

The industrial and energy sector suffered 599 ransomware attacks globally in 2021. Cybercriminals can disrupt usual gas and electricity flow and cause shortages by attacking energy infrastructure.

Threat actors chose businesses in the retail industry as targets in 545 ransomware attacks last year. Hackers target retailers when they are most vulnerable, such as during the Black Friday or Christmas sale seasons.

The finance industry experienced 355 ransomware attacks from cybercriminals. Hackers perceive financial organizations to be wealthy, thus making them potential targets with high payout opportunities.

To read the full article, head over to:
https://atlasvpn.com/blog/nearly-half-of-ransomware-attacks-globally-targeted-the-us-in-2021

According to data compiled and analyzed by Atlas VPN, threat actors attacked businesses more than 722 million times during the last 30 days worldwide. Over 73% of these hacking attempts were malware attacks.

Atlas VPN has retrieved and arranged data from Akamai, a cybersecurity behemoth that delivers real-time data on cyberattacks affecting their business clients. Being one of the world’s largest distributed computing platforms, Akamai catches a considerable number of threats. Currently, they are in charge of servicing between 15% and 30% of all web traffic worldwide. Hence, the real number of harmful threats enterprises face on a daily basis might be drastically higher.

Now, let’s jump back into dissecting the data. As mentioned before, a total of 722 million attacks were mitigated in the last 30 days, which comes out to nearly 23 million threats daily.

Akamai mitigated over 527 million malware threats in the last 30 days alone. Nearly three-fourths of all threats encountered by companies were malware attacks. 

Command & control cyber-attacks are also a major concern. Threat actors dispatched a total of 157 million C&C attacks, which represents 22% of all threats. On average, enterprises encountered 4.9 million C&C threats daily.

Finally, phishing attacks were found least often, but they still total 28 million attacks per month or 1.2 million hacking attempts daily. Phishing attacks comprised only 5% of the total volume of threats.  

Apart from analyzing the data by totals, percentages, and averages, we wanted to find out if global threats follow any type of trend.

Interestingly, it appears that fraudsters and organized crime groups have a similar schedule to the one in regular office jobs – 5 days on, 2 off. Yet, their days off are usually on Thursday and Friday. You can see this trend quite clearly by glancing at the second chart. 

To read the full article, head over to: https://atlasvpn.com/blog/hackers-attacked-businesses-over-700-million-times-in-last-30-days-globally 

Many crypto services have failed to build efficient security systems that would stop cybercriminals from exploiting flaws for personal gain at the expense of their victims. 

According to the data presented by the Atlas VPN team, more than $12 billion of crypto assets were stolen in the past 11 years. In addition, 40% of the funds were stolen from fraudulent exchanges, while Decentralized Finance (DeFi)-related hacks continue to surge. 

The first official security breach of a cryptocurrency exchange happened in 2011, while hackers stole $1 million in total throughout the year. Since then, the sum has continued to grow, reaching nearly $3.2 billion in 2021.

Crypto fraud exploded in 2019 when total losses accumulated to $3.8 billion, a 598% increase since 2018. As of now, fraudsters have stolen over $7.1 billion worth of crypto assets in the last 11 years.

DeFi hacks are the latest trend for cryptocurrency cybercriminals. It started in 2020, and hackers stole $149 million of crypto assets from DeFi exchanges. However, losses in DeFi breaches quickly grew in 2021, adding up to $1.7 billion in total.

Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on crypto-related hacks and scams:

“With the popularity of cryptocurrencies growing, it’s reasonable to say that crypto-related hacks and scams are not disappearing anytime soon. Many people are ignorant of the risks of investing in cryptocurrency because blockchain technology is still relatively new. Before putting money into a platform, make sure to research its technical and security capabilities.”

Fraudulent exchanges caused most losses

While there are plenty of trustworthy cryptocurrency exchanges, there are just as many fraudulent ones, which try to prey on people’s lack of knowledge of how to distinguish a legit crypto platform.

Fraudulent exchanges have stolen 40% of all lost crypto assets throughout 11 years. Fraudulent platforms are those involved in exit scams, illegal behavior, or whose funds were seized by the government.

Exchanges with very high money laundering risks were responsible for 24% of stolen crypto assets. Such exchanges allow the withdrawal of more than $2000 in crypto daily without KYC/AML (Know Your Customer/Anti-Money Laundering).

P2P exchanges with high money laundering risks have stolen 5% of total funds. Mixing services were responsible for 4% of stolen crypto assets

To read the full article, head over to: https://atlasvpn.com/blog/over-12-billion-in-crypto-stolen-in-the-past-decade

When cybercriminals launch attacks on health institutions, it puts in danger not only the organization but also patient lives.

According to the recent Atlas VPN team findings, over 40 million people had health information leaked in the United States in 2021 alone. Furthermore, the number of data breaches and patients affected by them has spiked tremendously.

In May 2021, 6.5 million people were affected by 50 breaches in health organizations. 20/20 EyeCare Network reported a significant compromise in May, leaking over 3 million people’s social security numbers, date of birth, and health insurance information.

In January, hackers stole information of nearly 5.8 million people throughout 29 breaches. Florida Healthy Kids Corporation suffered the biggest data breach of the year (in health organization context), which allegedly affected about 3.5 million people after a cyberattack on its web-hosting platform.

In July, 5.6 million people’s data was compromised by cybercriminals throughout 64 breaches. In the same month, Forefront Dermatology reported about their data breach, which may have exposed more than 2.4 million patient and employee records. 

Throughout August, another 40 breaches occurred, affecting 5.1 million people.

Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on cyberattacks against the healthcare industry:

“Healthcare institutions have not prioritized cybersecurity because many of them lack the financial resources to do so. However, as more cyberattacks are being launched at hospitals, they are starting to make changes. Healthcare organizations need to take their cybersecurity to the next level, as keeping patient data safe is their responsibility.”

Worrying uprise of cyberattacks

Health institutions are very lucrative targets for hackers as such organizations store an incredible amount of personal patient data.

In 2020, 15.1 million people suffered from health organization data breaches in the United States. In 2021, this number surged by 177% to the heights of 42 million victims.

The total number of compromises against health organizations also increased significantly from 257 data compromises in 2020 to a staggering 587 in 2021, a 128% increase. 

To read the full article, head over to: https://atlasvpn.com/blog/more-than-40-million-people-had-their-health-information-leaked-in-2021

Falling victim to a ransomware attack is one of the worst things that can happen to a company from a cybersecurity standpoint. No other attack damages the organizations’ reputation, finances, and operational activities like ransomware.  

Getting hit by ransomware means that hackers were able to steal and encrypt sensitive data. Usually, cybercriminals demand payment for the key that will allow the company to decrypt its files. Also, fraudsters promise to either remove or not make the stolen data publicly available on the dark web.

However, the situation usually pans out a bit differently in a real-life situation. Hackers tend to take the ransom and still publish the data. This is commonly known as double extortion.

Atlas VPN analysis builds on the recent Hi-Tech Crime Trends report by Group-IB.

Findings reveal that the second half of 2021 was a record period in terms of new data leak sites created on the dark web.

Researchers only found one new data leak site in 2019 H2. However, the situation took a sharp turn in 2020 H1, as DLSs increased to a total of 12. Similarly, there were 13 new sites detected in the second half of 2020.

2021 is a record year in terms of how many new websites of this kind appeared on the dark web. DLSs increased to 15 in the first half of the year and to 18 in the second half, totaling 33 websites for 2021, a 32% growth YoY.

Record number of companies affected

Last year, the data of 1335 companies was put up for sale on the dark web. However, this year, the number surged to 1966 organizations, representing a 47% increase YoY.

Yet, this report only covers the first three quarters of 2021. Meaning, the actual growth YoY will be more significant.

Organized crime groups to blame

Some people believe that cyberattacks are carried out by a single man in a hoodie behind a computer in a dark room. However, that is not the case.

Ransomware attacks are nearly always carried out by a group of threat actors. For example, a single cybercrime group Conti published 361 or 16.5% of all data leaks in 2021.

To read the full article, head over to: https://atlasvpn.com/blog/record-number-of-data-leak-sites-detected-in-2021

By exploiting found vulnerabilities or using people’s unawareness of good cybersecurity practices, threat actors launch different cyberattacks, which would affect a large audience and bring the most benefits.

According to the data presented by the Atlas VPN team, 73% of phishing sites impersonate Microsoft product-related pages. Furthermore, 50% of compromised accounts get accessed by hackers in 12 hours, and in a week, 9 out of 10 accounts are fully taken over by threat actors.

Cybercriminals impersonated Microsoft account login pages in 60% of phishing sites. As Microsoft products are used widely globally, threat actors find them the best targets to look for vulnerabilities.

Threat actors imitated Adobe Document Cloud login pages in 26% of phishing websites. By having access to the cloud, cybercriminals could inject malicious files into documents such as malware or ransomware.

Cybercriminals used fake Microsoft SharePoint login pages in 8% of their phishing sites. Once in control of the account, the attacker uploads a malicious file and then changes the file’s sharing permission to ‘public,’ allowing anybody to spread the link further. 

Microsoft Office 365 and OneDrive login pages were both impersonated by cybercriminals in 3% and 2% of phishing sites, respectively.

Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on business email compromises:

“One of the most common issues in email security is business email compromise (BEC). With access to Microsoft accounts, cybercriminals can deliver emails, host malicious pages, or create malicious documents, which allows them to spread their attack more efficiently. Multi-factor authentication on work-related accounts should be mandatory to mitigate the risk.”

Gone in a week

While some use automated tools to test credentials, other attackers manually authenticate the validity of your login information.

Threat actors accessed 23% of all accounts immediately after the compromise. Attackers likely took over the accounts with an automated script to validate the legitimacy of the credentials. After an hour, the breach had happened, cybercriminals manually took over 18%of the accounts.

After 6 hours passed, 2 out of 5 (40%) accounts were manually accessed by hackers. In 12 hours, half of the accounts (50%) were taken over by cybercriminals.

After a day, 64% of accounts were taken over manually by cybercriminals. Finally, nearly all of the accounts, 91%, had been accessed within a week after compromise. 

To read the full article, head over to: https://atlasvpn.com/blog/73-of-phishing-sites-impersonate-microsoft-products-related-login-pages

Credit card fraud has become one of the most popular ways for criminals to make a quick buck. Credit card identity theft is relatively easy to carry out, and it’s also significantly less risky than traditional types of crimes, which is why it’s the most common type of identity theft in the last quarter.

Data extracted and analyzed by Atlas VPN reveals that 97 thousand Americans were the victims of credit card fraud in Q3 2021. This type of identity theft most commonly victimized people ages 30-39.

The analysis is based on the complaints submitted to the Federal Trade Commission (FTC) via their official website identitytheft.gov. Here, US citizens can report identity theft and get help by receiving a personal identity theft recovery plan.

The FTC received 263 thousand identity theft reports in the third quarter of 2021. More than a third of those – 37%, were identity theft complaints concerning credit card fraud.

The majority of the victims belong to the age group of 30-39. As many as 27 thousand victims were in this age group, representing 34% of the total. 

The second most affected group was in the age brackets of 40-49 and 20-29, with 18 thousand and 17 thousand victims, respectively.

How is credit card fraud carried out?

Apart from being less risky than other crimes, credit card fraud is attractive to criminals because it is relatively easy to carry out. On top of that, profits are substantial and immediate due to the nature of the crime.

We will cover the steps the thief has to complete to carry out credit card fraud for educational purposes.

To read the full article, head over to: https://atlasvpn.com/blog/almost-100k-americans-fell-victims-to-credit-card-fraud-in-2021-q3

The wave of cybercrime is plowing throughout America with the biggest damages in history.

Atlas VPN extracted data from publicly available government sources and found that US citizens already lost $3.49 billion to cybercrime in the first three quarters of 2021. You don’t need to bring out the calculator – the damages come out to $12.78 million per day. 

Edward Garb, a cybersecurity researcher at Atlas VPN explains the main driving forces behind the surge in cybercrime damages:

“Cybercriminals are using the buzz around cryptocurrencies, NFTs, and the metaverse to trick people into investing in bogus projects that disappear after raising a hefty sum of money.”

The data for the analysis is based on reports submitted through the official Federal Trade Commission websites –  IdentityTheft.gov and ReportFraud.ftc.gov. Citizens can get help by receiving personal identity theft recovery plans. 

Regarding monetary damages – the FTC does not resolve the allegations, but it does disseminate the information to over 3,000 law enforcement agencies across the United States for further investigation.

The analysis reveals that cybercrime damages sky-rocketed by 82.91% in 2021 compared to last year. To be exact, people lost $1.58 billion more (yes, billion) this year than they did in the same period in 2020.

These losses are a result of 1.6 million unique fraud and identity theft reports submitted to the Federal Trade Commission websites mentioned previously.  This means that the FTC has to deal with around 5,869 complaints every single day.

Last year, the number of reports stood at 1.09 million after the first three quarters of the year, which is around a third less than in 2021. Back then, they had to go through 3,981 complaints daily.

Most damaging types of cybercrime

To better understand the current cybercrime landscape, we will analyze which crimes caused the most trouble.

We already noted that investment-related crimes are on the rise due to countless projects in the crypto, NFT, and metaverse markets. This year, US citizens lost a staggering $956 million to these types of scams, representing a 277.87% growth YoY.

To read the full article, head over to: https://atlasvpn.com/blog/americans-lost-a-record-3-5bn-to-cybercrime-in-2021-ytd

Many successful attacks on the cloud infrastructure are due to poor cybersecurity measures and a lack of control implementations.

According to the data presented by the Atlas VPN team, 86% of hacked Google Cloud accounts are used for illegal crypto mining. In addition, most instances of compromise in Google Cloud are due to weak or no password for the user account.

Hackers conducted cryptocurrency mining 86% of the time after gaining access to a Google Cloud account. Cryptocurrency mining is a for-profit activity, which consumes a large amount of GPU and CPU resources.

Conducting port scanning of other targets on the Internet occurred 10% of the time after Google Cloud compromised instance. Port scanning enables cybercriminals to identify weak spots in the network and exploit found vulnerabilities.

Hackers launched attacks against other targets on the internet 8% of the time following a Google Cloud account hack. Hosting malware on the cloud was the goal of 6% of cybercriminals.

Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on attacks against cloud services:

“The advantages of cloud-hosted resources include high availability and access at any time. While this simplifies workforce operations, hackers may exploit the cloud’s pervasive nature for their benefit. Despite the increased interest in cybersecurity, spear-phishing and social engineering attacks are still very effective.”

Most exploited vulnerabilities

While trying to deliver a cyberattack, cybercriminals always search for the simplest way to compromise their target.

Weak or no password for a user account or no authentication for APIs caused 48% of the Google Cloud hacks. It indicates that users could have avoided compromising their accounts if they had set up a stronger password.

Hackers exploited a vulnerability in third-party software in the Cloud instance in 26% of cases. If the hacks exploited a zero-day vulnerability, the fault could be attributed to the software developers not releasing an update. However, if a patch was released, responsibility for the compromise falls to the user not updating the software in time.

Misconfiguration of Cloud instance or in third-party software allowed 12% of hacks in Google Cloud. Any mistakes, malfunctions, or gaps in your infrastructure that put you at risk are known as misconfiguration.

Other issues caused 12% of compromises in the Google Cloud. While leaked credentials, such as keys published in GitHub projects, were exploited in 4% of attacks.

To read the full article, head over to: https://atlasvpn.com/blog/86-of-hacks-in-google-cloud-were-used-for-illegal-crypto-mining

According to data analyzed and presented by Atlas VPN, 2021 marks a record year for the development of new Windows malware. Even though 2021 has another month to go, cybercriminals have already developed a whopping 107.28 million unique threats targeted at Windows devices. 

The data for the analysis was provided by AV-TEST GmbH, an independent research institute for IT security. The figures were last updated on November 23, 2021

Interestingly, the creation of new malware types targeted towards Windows OS devices has been growing steadily since 2012. On average, the quantity of new malicious software samples grows by 9.5 million or 23% YoY.

This year so far, we see 107.28 million new threats for Windows OS, representing a 16.53 million or 18% increase over 2020.

In other words, cybercriminals employed more of their resources towards Windows OS than ever before. To put things in perspective, threat actors developed around 328 thousand malware samples daily in 2021.

Cybercriminals work together to reduce costs

The fact that malicious software is easier to develop than ever before contributes to this unprecedented increase in risks.

Hackers no longer require advanced programming abilities because they can buy ready-made malware code, customize it to their needs with a little coding, and create an entirely new malware type.

Moreover, the wide availability of hackers-for-hire made prices ridiculously cheap. For example, one of our earlier analyses uncovered that hiring attacks on the dark web cost as little as $250 per attack.

To read the full article, head over to: https://atlasvpn.com/blog/over-100-million-windows-targeted-malware-developed-in-2021-alone