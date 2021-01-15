2020 was one of the most difficult years when it comes to cybersecurity. In a new study, Kaspersky detected an average of 360,000 new malicious files per day last year, an increase of 5.2 percent compared to 2019, mainly due to Trojans and “back doors.”

The Annual Statistics Report shows “a notable increase in the number of new malicious files“detected by Kaspersky systems in 2020 that, according to the firm’s security expert Denis Staforkin,”it is very likely to continue until 2021as employees continue to work from home. “

According to the report, Kaspersky’s detection systems discovered an average of 360,000 new malicious files every day for the last twelve months, 18,000 more than the previous year (an increase of 5.2%) and more than the 346,000 of 2018, as shared in a statement.

NetWalker, the ransomware that attacked the Home Office last year. Photo: McAffee

60.2 percent of those malicious files were non-specific Trojans. Overall, the percentage of detected Trojans increased 40.5 percent compared to 2019. The company notes that there was also a notable increase in the number of detected back doors, as well as worms. However, the company notes that it lowered adware detection, which saw a 35 percent decrease compared to 2019 data.

The vast majority of malicious files detected (89.80%) were produced via Windows PE files, a file format specific to Windows operating systems. At the same time, the number of new malicious programs related to Android operating systems decreased by 13.7%.

This change in focus may be related to the increased use of desktops and laptops to study and work from home, as indicated by the company.

List of historical ransomwares from 2013-2019, a very common type of attack in 2020. Source: RSA – FBI

There was also a 27 percent increase in the number of different ‘scripts’ – sent through advertising campaigns. malicious email or found on infected websites-, which could also reflect the fact that people were spending more time on the Internet and attackers were trying to take advantage of that fact.

The covid vaccine, one of the main targets

Vaccines against the coronavirus, focus of the attacks. AFP photo

The coronavirus situation intensified the attacks in 2020. Kaspersky found, in fact, two incidents of advanced persistent threats (APT) that targeted entities related to the investigation into Covid-19, a body belonging to a Ministry of Health and a pharmaceutical company.

The first attack identified was directed against an agency of a Ministry of Health. On October 27, 2020, two Windows servers of the organization were compromised with a sophisticated ‘malware’, an ‘old acquaintance’ by Kaspersky experts called ‘wAgent’.

From its analysis, the company was able to verify that wAgent had the same infection scheme as the one previously used by the Lazarus group in attacks on cryptocurrency companies.

Photo EFE

The second incident involved a pharmaceutical company. According to Kaspersky telemetry, the company suffered a data breach on September 25, 2020. The company is developing a vaccine against COVID-19 and it is also authorized to produce and distribute it.

This time, the attacker deployed the Bookcode ‘malware’, previously reported by the security provider for its connection to Lazarus in a supply chain attack. through a South Korean software company.

Kaspersky researchers also witnessed the Lazarus group spear-phishing or strategically compromising websites in order to distribute Bookcode malware in the past.