[Asia Economy Reporter Seungjin Lee] AhnLab announced on the 26th the "2022 Q3 (July-September) Security Threat Trends," analyzing statistics by malware type and cyber attack detection statistics.
AhnLab released the Q3 security threat trends based on the "statistics by malware type" derived using its malware dynamic analysis system "RAPIT" on malware collected by the AhnLab Security Emergency response Center (ASEC), a malware analysis and response organization, and the "statistics by attack type" analyzing attack attempts detected and blocked by AhnLab's Computer Emergency Response Team (CERT) experts.
'Infostealer' Targeting Personal and Corporate Information Maintains Highest Proportion Following H1
In Q3, 'Infostealer,' which steals various user information including encrypted registered account information in user web browsers, cryptocurrency wallet addresses, and files, accounted for 55.1% of the total, maintaining the highest proportion following the first half of the year.
'Downloader' malware, which downloads additional types of malware, ranked second with 22.6%. Additionally, 'Backdoor' malware, which receives commands from attackers to perform further attacks, ranked third with 16.4%, followed by ransomware (4.7%), banking malware (0.8%), and coin miners (0.4%).
Attackers can use information stolen by 'Infostealer malware' to conduct secondary attacks. In particular, account information can be traded on the dark web or used for various crimes such as YouTube account hijacking attacks and malware distribution. AhnLab explained that users should manage personal information by using the latest version of antivirus software, disabling auto-login features, and regularly changing passwords.
Downloader and backdoor malware, ranked second and third respectively, can also serve as tools for secondary attacks by installing additional malware and executing attacker commands. Therefore, security administrators should regularly inspect organizational systems and assets to prevent chain damage.
80% of Attacks Target Vulnerabilities, 'Scanning Attacks' on the Rise
In Q3, attacks targeting vulnerabilities in applications and web environments accounted for 80% of the total, with 'scanning attacks' that search for vulnerabilities showing an increasing trend.
Analysis of attack attempts detected and blocked by AhnLab CERT experts in Q3 revealed that 'application vulnerability attacks' targeting various application vulnerabilities accounted for the highest proportion at 36%. 'Web-based attacks,' targeting vulnerabilities in web servers or database servers connected to web servers, ranked second at 33%. Following that, 'scanning attacks' that explore vulnerability information in network services accounted for 11%.
All top three attack types target vulnerabilities, collectively accounting for 80% of the total. Notably, 'scanning (vulnerability information gathering) attacks,' ranked third, sharply increased in September (average 13,031 cases in July and August → 64,431 cases in September), which can be interpreted as a preparatory stage for full-scale attacks. Therefore, AhnLab urged organizations and corporate security officers to regularly check web and application vulnerabilities and apply the latest security patches to strengthen security management.
High Proportion of Attack Detection in Content Industry Sector
By industry classification, security threats occurred evenly across various sectors, but attacks targeting content industries such as broadcasting, game development, and education showed a relatively high proportion.
According to AhnLab's Q3 industry-specific attack detection ratio analysis, attacks frequently occurred in content-related industries such as broadcasting (16%), game development (14%), and education (11%). This was followed by dot-com (IT) (9%), heavy industry (8%), and insurance (7%).
Unlike malware or attack type statistics, the attack proportions by industry showed less variation in ranking, indicating that attackers are conducting attacks regardless of industry sectors.
To prevent damage from such security threats, individuals within organizations should ▲ refrain from executing attachments in emails from unknown sources ▲ apply the latest security patches to office software, operating systems (OS), and internet browsers ▲ maintain the latest antivirus versions and enable real-time monitoring functions.
At the organizational level, measures should include ▲ regular security inspections and patch applications for PCs, OS, software, and websites within the organization ▲ utilization of security solutions and conducting internal employee security training ▲ monitoring authentication logs for administrator accounts ▲ implementing multi-factor authentication (MFA) as preventive measures.
Jeon Seonghak, head of AhnLab Research Center, said, "Looking at the Q3 threat trends, information theft such as account information and vulnerability attacks are prevalent across all industries. These attacks can lead to larger cyberattacks later, so it is necessary to prepare an integrated security system rather than focusing on specific areas."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
