Q2/2022 Threat Report: Ransomware on the Rise

Rhea-AI Summary

Avast's Q2/2022 Threat Report highlights a 24% increase in global ransomware attacks compared to Q1/2022. Regions with the highest risk ratios include Argentina (+56%) and the UK (+55%). Researchers also identified new zero-day exploits affecting Chrome and Windows, with malicious actors shifting from VBA macros to other methods like LNK files and ISO images. The report underscores the need for vigilance, as cybercriminals adapt quickly to changes in defense measures, such as Microsoft's default blocking of macros.

Positive
  • Discovery of new zero-day exploits may enhance security protocols.
  • Increased awareness of ransomware threats could drive demand for security services.
Negative
  • Significant 24% rise in ransomware attacks may indicate worsening cyber threats.
  • Emergence of new ransomware groups such as Black Basta and Karakurt increases market risks.

Avast researchers discover new zero-day exploits, and changes in attack vectors since Microsoft Office macros have been blocked

PRAGUE, Aug. 10, 2022 /PRNewswire/ -- Avast (LSE: AVST), a global leader in digital security and privacy, released its Q2/2022 Threat Report today, revealing a significant increase in global ransomware attacks, up 24% from Q1/2022. Researchers also uncovered a new zero-day exploit in Chrome, as well as signs that cybercriminals are preparing to move away from macros as an infection vector.

Ransomware attacks increase

After months of decline, global ransomware attacks increased significantly in Q2/2022, up 24% from the previous quarter. The highest quarter-on-quarter increases in ransomware risk ratio occurred in Argentina (+56%), UK (+55%), Brazil (+50%), France (+42%), and India (+37%).

"Consumers, but especially businesses should be on guard and prepared for encounters with ransomware, as the threat is not going anywhere anytime soon," explains Jakub Kroustek, Avast Malware Research Director. "The decline in ransomware attacks we observed in Q4/2021 and Q1/2022 were thanks to law enforcement agencies busting ransomware group members, and caused by the war in Ukraine, which also led to disagreements within the Conti ransomware group, halting their operations. Things dramatically changed in Q2/2022. Conti members have now branched off to create new ransomware groups, like Black Basta and Karakurt, or may join other existing groups, like Hive, BlackCat, or Quantum, causing an uptick in activity."

Zero-day exploits

Avast researchers discovered two new zero-day exploits used by Israeli spyware vendor Candiru to target journalists in Lebanon, among others. The first was a bug in WebRTC, which was exploited to attack Google Chrome users in highly targeted watering hole attacks, but also affected many other browsers. Another exploit allowed the attackers to escape a sandbox they landed in after exploiting the first zero-day. The second zero-day Avast discovered was exploited to get into the Windows kernel.

Another zero-day described in the report is Follina, a remote code execution bug in Microsoft Office, which was widely exploited by attackers ranging from cybercriminals to Russia-linked APT groups operating in Ukraine. The zero-day was also abused by Gadolinium/APT40, a known Chinese APT group, in an attack against targets in Palau.

Macros blocked by default

Microsoft is now blocking VBA macros by default in Office applications. Macros have been a popular infection vector for decades. They were used by threats described in the Q2/2022 Threat Report, including remote access trojans like Nerbian RAT, a new RAT written in Go that emerged in Q2/2022, and by the Confucius APT group to drop further malware onto victims' computers.

"We have already noticed threat actors beginning to prepare alternative infection vectors, now that macros are being blocked by default. For example, IcedID and Emotet have already started using LNK files, ISO or IMG images, and other tricks supported on the Windows platform as an alternative to maldocs to spread their campaigns," continued Jakub Kroustek. "While cybercriminals will surely continue to find other ways of getting their malware onto people's computers, we are hopeful that Microsoft's decision will help make the internet a safer place."

The full Avast Q2/2022 Threat Report can be found here: https://decoded.avast.io/threatresearch/avast-q2-2022-threat-report/

About Avast:

Avast (LSE: AVST), a FTSE 100 company, is a global leader in digital security and privacy, headquartered in Prague, Czech Republic. With over 435 million users online, Avast offers products under the Avast and AVG brands that protect people from threats on the internet and the evolving IoT threat landscape. The company's threat detection network is among the most advanced in the world, using machine learning and artificial intelligence technologies to detect and stop threats in real time. Avast digital security products for Mobile, PC or Mac are top-ranked and certified by VB100, AV-Comparatives, AV-Test, SE Labs and others. Avast is a member of Coalition Against Stalkerware, No More Ransom, and the Internet Watch Foundation. Visit: www.avast.com.

Contact: PR@avast.com 

View original content to download multimedia: https://www.prnewswire.com/news-releases/q22022-threat-report-ransomware-on-the-rise-301603500.html

SOURCE Avast Software, Inc.

FAQ

What did Avast report in Q2/2022 regarding ransomware?

Avast reported a 24% increase in global ransomware attacks in Q2/2022 compared to Q1/2022.

How are zero-day exploits impacting digital security?

Avast identified new zero-day exploits that allow attackers to bypass security measures, affecting Chrome and Windows.

What changes have been made regarding Microsoft Office macros?

Microsoft has blocked VBA macros by default, which were previously popular infection vectors.

What regions saw the highest increase in ransomware risk?

The highest increases in ransomware risk were reported in Argentina (+56%) and the UK (+55%).

Which new ransomware groups have emerged according to Avast?

New ransomware groups like Black Basta and Karakurt have emerged, contributing to the rise in attacks.
