Massive resurgence in cyberthreats following COVID-19 - report
There has been a massive resurgence in cyberthreats across multiple categories following pandemic-induced declines in 2020, being referred to as a COVID-19 bounce, according to new research from Malwarebytes.
Malwarebytes tracked a 77% increase in malware detections over 2020. Business-focused cyberthreats jumped 143%, while consumer-specific threats rose by 65% to more than 152 million in 2021. This increase represents more than a return to business as usual, with detection numbers far exceeding pre-pandemic figures.
"2021 was a challenging year for both cybersecurity and user privacy, which points to alarming trends," says Marcin Kleczynski, CEO of Malwarebytes.
"With workforces still dispersed, cybercriminals capitalised on both new and latent vulnerabilities, burrowing deeply into critical infrastructure and infecting supply chains, driving increased threat volume, and homing in on targets with maximum potential for disruption.
"In this climate, ensuring every person and organisation is thoroughly fortified against attacks through a simplified patching process and layered security is more critical than ever."
In the wake of 2020's lockdowns and stay-at-home orders, stalkerware surged, with spyware detections increasing 1,600% in the first six months of that year, the report found.
2020 was the worst year for stalkerware to that point, but 2021 would prove to be even worse. Malwarebytes detected Android monitoring apps 54,677 times and spyware apps 1,106 times, notable figures for this targeted form of abuse, especially due to Android's history of adware issues.
As a founding member of the Coalition Against Stalkerware, Malwarebytes also highlights growing stalking concerns with Apple devices. In 2021, Pegasus spyware infected iPhones used by journalists and government officials, enabling surveillance of their locations and data. Average users also began struggling with the pros and cons of Apple-developed location trackers AirTags that enabled potential victims to be silently monitored by perpetrators. Despite several software updates enabling AirTags to reveal themselves after periods of quiet use, millions of people still face the prospect of being monitored without consent.
Additional key findings from the report include:
- In addition to the COVID-19 bounce in both consumer and business-oriented malware, Malwarebytes tracked 56% year-on-year growth in malware sent via email.
- Mac detections also increased more than 200% YoY, climbing to 164 million, as unwanted app installs from aggressive and/or misleading marketing continued to grow.
- Although ransomware detections decreased in number falling 38% from 2020 ransomware gangs became more targeted, leading to more severe attacks on critical infrastructure and supply chains. The impact of ransomware is predicted to grow in 2022, as ongoing hybrid work perpetuates ongoing vulnerabilities.
- The large mountain of technical debt in widely used apps and code became due, as latent vulnerabilities were exploited in the software billions of people rely upon daily. The IT world asked, why is patching so hard? as zero-day attack chains in Microsoft Exchange Server, 18 zero-day vulnerabilities in Google's Chrome browser, and a Log4j vulnerability with a CVSS score of 10 out of 10 were discovered.