Experts also found a growing number of advanced persistent threat (APT) attacks against individuals and governments. In autumn 2019, the Positive Technologies Expert Security Center (PT ESC) identified 17 attacks by the Gamaredon group, targeting state institutions and military and defense-related organizations in Ukraine. In December, the Bisonal group attacked government institutions in Mongolia, South Korea, and Russia. In the last quarter of 2019, PT ESC also recorded attacks by APT groups such as TA505, Sofacy (APT28), Donot (APT-C-35), Cloud Atlas, Bronze Union (LuckyMouse, APT27), Leviathan (APT40), SongXY, Cobalt, and RTM.
Overall, the industries attacked most frequently remain the same as in the previous quarter: government institutions, manufacturing, healthcare, finance, and education. Experts have also seen a two-fold increase in attacks on IT companies and retail businesses.
Payment card information made up almost a third of all data stolen from organizations (32 percent). This is 25 percentage points more than in the previous quarter. Experts believe this increase was caused by the peak shopping season during Christmas, the growing number of MageCart attacks, and the second wave of attacks on the Click2Gov service, which is popular in the U.S.
Ransomware on the increase as tactics change
The experts' analysis indicated that ransomware is increasingly dangerous to both organizations and individual users. The percentage of ransomware attacks has grown: 36 percent for organizations and 17 percent for individuals, versus 27 percent and 7 percent, respectively, in the previous quarter. Sodinokibi, Maze, Ryuk, and Bitpaymer ransomware are among the most aggressive malware used by attackers.
The ESC also found a worrying new trend: ransomware operators are now holding data hostage, threatening to disclose stolen information to third parties unless the victim pays the ransom.
According to Positive Technologies analyst Yana Avezova, "Companies have started paying more attention to making backups in the case of an attack. Attackers have become aware of this and now threaten their victims with further consequences by leaking their personal data. We found several incidents where companies refused to pay the ransom, and the attackers followed through on their threat."