In 2020, Kaspersky detected a global average of 360 000 new malicious files each day, an increase of 5.2%, or 18 000 more, compared to the year before.
According to the security giant, this was influenced largely by a significant growth in the number of Trojans and backdoors, with a 40.5% and 23% increase respectively.
These were the findings of the Kaspersky Security Bulletin: Statistics of the Year Report.
On the plus side, adware is on the decline globally, and this scourge experienced a 35% decrease when compared to the previous year. However, not all regions were so lucky, with some noting an increase. In SA, for example, by the end of October last year, the average adware notifications per user increased slightly to over 33 in comparison to 32 for the whole of 2019.
It was also expected that for the duration of 2020, more than 256 000 South Africans would have been hit with adware.
The vast majority of malware detected, nearly 90%, occurred via Windows PE files – a file format specific to Windows operating systems. Concurrently, the number of new malware related to Android operating systems dropped by 13.7%.
Capitalising on remote workers
Given that remote working and studying were the order of the day during the pandemic, most likely on computers and laptops, threat actors seem to have shifted their focus to these devices.
Kaspersky saw a 27% increase in the number of different scripts sent via malicious e-mail campaigns or encountered on infected Web sites, which could, once again, reflect the fact that people spent more time on the Internet and that cyber criminals hoped to capitalise on that.
Denis Staforkin, a security expert at Kaspersky, said the rise in the number of malicious objects detected during 2020 can be attributed to the pandemic, as users across the globe were forced to spend more time on their devices and online.
“It’s hard to know whether or not attackers were more active or our solutions detected more malicious files simply because of greater activity. It could be a combination of both. Either way, we have registered a noticeable increase in the number of new malicious files in 2020, and this will most likely continue in 2021 as employees continue to work from home and countries implement different restrictions. However, if users take basic security precautions, they can significantly lower their risk of encountering them,” he says.
Better than cure
In order to stay protected, Kaspersky recommends that users pay close attention to, and don’t open, any suspicious files or attachments received from unknown sources. The company also advises users to double-check the URL format and company name spelling before downloading anything, not to download and install applications from untrusted sources, and not to click on any links received from unknown sources or on suspicious online advertisements.
“Create strong and unique passwords, including a mix of lower-case and upper-case letters, numbers and punctuation, and activate two-factor authentication. Also, always install updates. Some of them may contain critical security issue fixes.”
Finally, Kaspersky counsels users to ignore messages asking them to disable security systems for office software or antivirus software, and to always use a robust security solution appropriate to the system type and devices.
According to Kaspersky, a major spike in network attacks took place in South Africa last week. Affected devices increased from 20,000-30,000 to about 310,000 in the period spanning from 15 – 21 March.
This has coincided with an increase in remote working in the country, after President Cyril Ramaphosa announced first a National State of Disaster and then a 21-day lockdown.
“Remote working provides cybercriminals a prime opportunity to target devices, especially those that don’t necessarily have adequate IT security measures in place,” Maher Yamout, senior security researcher for the Global Research and Analysis Team at Kaspersky, said in an interview with MyBroadband.
“Such a spike recorded, although temporary, leads us to believe that cybercriminals have keenly been focused on the region given the current circumstances.”
Protecting your networking during lockdown
Kaspersky provided a variety of tips employees should follow when working remotely during the impending lockdown:
- Make use of a VPN to connect securely to the corporate network
- Use multi-factor authentication wherever possible
- Ensure all corporate devices – including mobiles, laptops and tablets – are protected with adequate security software
- Segregate your personal devices/life from corporate computers
- Ensure the latest available updates are installed regularly
- Only use corporate-approved teleconferencing software
- Practice basic cybersecurity rules
The rapidly evolving story about Moscow-based Kaspersky Lab’s involvement in helping Russian government hackers steal sensitive National Security Agency materials has taken yet another turn, as The Wall Street Journal reports that the assistance could have come only with the company’s knowledge.
Wednesday’s report, citing unnamed current and former US officials, said the help came in the form of modifications made to the Kaspersky antivirus software that’s used by more than 400 million people around the world. Normally, the programs scan computer files for malware. “But in an adjustment to its normal operations that the officials say could only have been made with the company’s knowledge, the program searched for terms as broad as ‘top secret,’ which may be written on classified government documents, as well as the classified code names of US government programs, these people said.”
The report is the latest to detail a 2015 event in which an NSA worker—described as a contractor by the WSJ and an employee in articles from The Washington Post—sneaked classified materials out of the agency and onto an Internet-connected computer that had Kaspersky AV installed on it. The WSJ, WaPo, and The New York Times have all reported that hackers working for the Russian government were able to home in on the documents with the help of the Kaspersky software.
On Tuesday, the NYT was first in reporting that NSA officials first learned of the help provided by Kaspersky AV from Israeli intelligence officials who had hacked into Kaspersky’s corporate network and witnessed the assistance in real time.
Wednesday’s report is the first to explicitly say the assistance wasn’t the result of a covert hack or the exploitation of an inadvertent weakness but rather likely came with the knowledge of at least one Kaspersky official.
“There is no way, based on what the software was doing, that Kaspersky couldn’t have known about this,” the WSJ quoted a former US official with knowledge of the 2015 event saying. The official went on to explain that the Kaspersky software was designed in a way that it would have had to be programmed to look for specific keywords. Kaspersky employees, the official continued, “likely” would have known such a thing was happening. The evidence, Wednesday’s report said, has now caused many US officials to believe the company was a “witting partner” in locating the materials on the home computer.
In a statement issued Wednesday, Kaspersky officials wrote:
Kaspersky Lab was not involved in and does not possess any knowledge of the situation in question, and the company reiterates its willingness to work alongside US authorities to address any concerns they may have about its products as well as its systems.
The company has long maintained it has no inappropriate ties to any government, including Russia’s, and vigorously defends against all malware threats.
Meanwhile, Reuters reported that German officials had no evidence to back the reports Kaspersky AV played a role in the theft of the NSA materials and had no plans to warn against the use of the software. Last month, the US Department of Homeland Security took the unprecedented step of banning all federal government agencies and departments from using any Kaspersky goods or services.
The WSJ went on to report that US intelligence agencies spent months studying and experimenting with Kaspersky software to see if they could trigger it into behaving as if it had discovered classified materials on a computer being monitored by US spies. “Those experiments persuaded officials that Kaspersky was being used to detect classified information,” Wednesday’s report said.
By Dan Goodin for Ars Technica
South Africa is among the world’s top 40 sources of spam, according to security firm Kaspersky Lab. The country was ranked 36th as a global source of spam in the third quarter of 2015.
Eugene Kaspersky, chairman and CEO of Kaspersky Lab, will address the most pressing issues facing cybersecurity during a panel session at the World Economic Forum in Davos.