Avast Q3/2021 Threat Report Reveals Elevated Risk for Ransomware and RAT Attacks

Rhea-AI Summary

Avast's Q3 2021 Threat Report highlights a 22% increase in ransomware attacks compared to Q1, with notable incidents including the Sodinokibi/REvil ransomware targeting Kaseya. The report also flags the rise of Remote Access Trojans (RATs), such as FatalRAT, posing risks to both businesses and individual privacy. Additionally, rootkit activity surged, and exploit kits like PurpleFox were prevalent. The report details how mobile threats, particularly the FluBot Android malware, adapted their tactics to trick users into downloading malicious software.

Positive

• None.

Negative

• Increased ransomware attack risk by 22% compared to Q1 2021.
• New variants of RATs and rootkits, which threaten business and consumer security.
• FluBot malware showed innovative social engineering tactics, putting users at risk.

PRAGUE, Nov. 16, 2021 /PRNewswire/ -- Avast (LSE:AVST), a global leader in digital security and privacy, today released its Q3/2021 Threat Report. In the third quarter of the year, the Avast Threat Labs have seen an increased risk of businesses and consumers being attacked by ransomware and remote access trojans (RATs). RATs can be used for industry espionage, credentials theft, stalking, and even distributed denial of service (DDoS) attacks. The threat researchers also observed innovation in the ever-evolving cybercrime space, with new mechanisms used by exploit kits, and by the mobile banking Trojan Flubot.

Ransomware and RATs putting businesses at risk
In the beginning of Q3 2021, the world witnessed a massive supply chain attack on IT management software provider Kaseya and its customers, with Sodinokibi/REvil ransomware. The Avast Threat Labs noticed and blocked this attack on more than 2.4k endpoints. Following the involvement of politics, the ransomware operators released the decryption key, and Sodinokibi's infrastructure went down, with no new variants seen in the wild until September 9th, when Avast detected, and blocked, a new variant. Overall, in Q3, the Avast Threat Labs saw the risk ratio of ransomware attacks go up by 5% vs. Q2, and even up by 22% vs. Q1 2021.

RATs were also a dangerous threat for businesses and consumers, which spread further in Q3 than in the previous quarters. Avast spotted three new RAT variants, including FatalRAT with anti-VM capabilities, VBA RAT, which exploits the Internet Explorer vulnerability CVE-2021-26411, and a new version of Reverse RAT with build number 2.0 which added web camera photo taking, file stealing and anti-AV capabilities. "RATs can be a fundamental threat for businesses, as they can be used for industry espionage," said Jakub Kroustek, Avast Malware Research Director. "However, RATs can also be used against consumers, for example to steal their credentials, to add their computers to a botnet to drive DDoS attacks, and unfortunately, for cyberstalking, which can do massive harm to an individual's privacy and wellbeing."

Growing distribution of rootkits, and innovation in exploit kits and mobile banking trojans
The Avast Threat Labs also recorded a significant increase in rootkit activity at the end of Q3, which was one of the most significant increases in activity in the quarter. A rootkit is malicious software designed to give unauthorized access to cybercriminals, with the highest system privileges. Rootkits commonly provide services to other malware in the user mode.

Another malware category that appears to be returning are Exploit Kits, with notable new innovations occurring, including the targeting of Google Chrome vulnerabilities. The most active exploit kit was PurpleFox, against which Avast protected over 6,000 users per day on average. Rig and Magnitude were also prevalent throughout the whole quarter. The Underminer exploit kit woke up after a long period of inactivity and started sporadically serving HiddenBee and Amadey. Some exploit kits, especially PurpleFox and Magnitude, are under heavy development, regularly receiving new features and exploitation capabilities.

The Avast Threat Labs also monitored new tactics on the mobile front, with FluBot, an Android SMS banking threat, changing its social engineering approach. Jakub Kroustek said, "Flubot first spread posing as delivery services to lure the victims into downloading a "tracking app" for a parcel they recently missed or should be expecting. In Q3, Avast has seen novel scenarios in spreading this malware. One example is posing as voicemail recorders. Another is fake claims of leaked personal photos. The most extreme of these variants would even lure the victim to a fake page that would claim the victim has already been infected by FluBot when they probably weren't yet and trick them into installing a "cure" for the "infection". This "cure" would in fact be the FluBot malware itself."

Flubot continued to expand from where initially it was targeting Europe in Q2 - Spain, Italy, Germany, to later spread throughout the rest of Europe and other countries like Australia and New Zealand.

For more detailed information visit the full report: https://decoded.avast.io/threatresearch/avast-q321-threat-report/

About Avast:
Avast (LSE:AVST), a FTSE 100 company, is a global leader in digital security and privacy, headquartered in Prague, Czech Republic. With over 435 million users online, Avast offers products under the Avast and AVG brands that protect people from threats on the internet and the evolving IoT threat landscape. The company's threat detection network is among the most advanced in the world, using machine learning and artificial intelligence technologies to detect and stop threats in real time. Avast digital security products for Mobile, PC or Mac are top-ranked and certified by VB100, AV-Comparatives, AV-Test, SE Labs and others. Avast is a member of Coalition Against Stalkerware, No More Ransom, and the Internet Watch Foundation. Visit: www.avast.com.

Keep in touch with Avast:

• For security and privacy insights, visit the Avast blog: https://blog.avast.com/ 
• For handy guides, advice and tips, visit Avast Academy: https://www.avast.com/c-academy
• For more information about Avast visit: https://www.avast.com/en-gb/about and https://www.avast.com/company-faqs 
• Follow us on Twitter: @Avast
• Join our LinkedIn community: https://www.linkedin.com/avast
• Visit our Facebook group: www.facebook.com/avast

Media Contact:
pr@avast.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/avast-q32021-threat-report-reveals-elevated-risk-for-ransomware-and-rat-attacks-301425366.html

SOURCE Avast Software, Inc.

FAQ

What does Avast's Q3 2021 Threat Report reveal about ransomware and RATs?

The report indicates a 22% rise in ransomware attacks from Q1 2021, with increased threats from Remote Access Trojans (RATs) that can lead to credential theft and industry espionage.

How did RATs evolve in Q3 2021 according to Avast?

Avast reported the emergence of new RAT variants, including FatalRAT, which can execute anti-VM defenses and steal files, posing significant risks to both businesses and consumers.

What specific malware threats were noted in Avast's Q3 report?

The report highlighted surges in rootkit activity and innovations in exploit kits, especially with PurpleFox targeting Google Chrome vulnerabilities.

What strategies did FluBot use to spread in Q3 2021?

FluBot employed various deceptive tactics, such as posing as delivery notifications and voicemail recorders to trick users into downloading the malware.