Infoblox is pleased to publish the Q2 2021 edition of our Quarterly Cyberthreat Intelligence Report. We publish these reports during the first month of each calendar quarter. This Q2 2021 report includes our publicly released threat intelligence from April 1, 2021, through June 30, 2021.
Our Core Research on Malware Variants and Trends
Our report reviews the new and recently emerged malware variants and trends, how these differ from other variants we have seen in the past, and defensive tactics and best practices that work. We include coverage of our published research and cyberthreat advisories on the following campaigns:
- Malspam Campaign Spoofing Waybill Delivers Nanocore RAT – June 28, 2021
- Hancitor Downloads Infostealers – June 22, 2021
- Shathak Pushes IcedID Banking Trojan – June 9, 2021
- RemcosRAT Malspam Campaign Spoofs UAE Machinery Company Correspondence – June 2, 2021
- Cyberthreat Advisory – Nobelium Campaigns and Malware – June 2, 2021
- Graftor Adware Still Circulating – May 27, 2021
- Biotech-Themed Malspam Drops BitRAT – May 18, 2021
- Cyberthreat Advisory: DarkSide Ransomware Attack on Colonial Pipeline – May 13, 2021
- Malspam Delivering Agent Tesla Keylogger Spoofs Oil & Gas Co. Messages – May 12, 2021
- Cyberthreat Advisory: FiveHands Ransomware – May 10, 2021
- Polish Language Malspam Campaign Delivers AveMaria Infostealer – May 3, 2021
- Post-Takedown Trickbot Activity – April 28, 2021
- Spoofed Vehicle Purchase Invoice Malspam Drops Formbook Infostealer – April 16, 2021
- Agent Tesla Malspam Campaign Spoofs Bank Correspondence – April 13, 2021
- Italian Economic Support-Themed Malspam Delivers Ursnif Banking Trojan – April 1, 2021
An Expanded View of Ransomware
This quarter, we present an expanded view of ransomware. Approximately 10 percent of all breaches now involve ransomware. The impact and expense of successful ransomware attacks can be crippling to an organization. The recent attacks on JBS and Colonial Pipeline have once again brought focus to the danger of increasingly sophisticated ransomware campaigns.
Ransomware payments in 2020 are estimated at about $370 million in cryptocurrency. Ransomware costs are not just about the ransom payouts. The total damage associated with ransomware is estimated to be much higher than the cryptocurrency payouts, perhaps $20 billion.
We give an overview of the ransomware-as-a-service process flow and the primary channels of distribution, and provide deep coverage of ransomware campaigns on which we have previously done original research. We also share information on the NIST cybersecurity framework profile for ransomware risk management and the new CISA ransomware readiness assessment, both published by these government agencies in June of this year.
Guidance on DNS Security
We also share highly important coverage of the NSA’s and CISA’s recent guidance on DNS security. DNS is key to the foundational security stack in the public sector. The NSA and CISA have gone on record in 2021 with guidance recommending that every agency, organization and enterprise leverage the existing DNS protocol and architecture by using a protective DNS (PDNS) service. This information sheet, Selecting a Protective DNS Service, details the benefits and risks of using DNS security and assesses several commercial PDNS providers based on reported capabilities.
Infoblox foundational security using BloxOne® Threat Defense provides very comprehensive DNS security capability. Infoblox received 100 percent of the performance score based upon the criteria defined by NSA.
Download the Report
Please download the Q2 2021 edition of the Quarterly Cyberthreat Intelligence Report here.
Endnotes
1. Per the Verizon 2021 Data Breach Investigations Report
3. https://purplesec.us/resources/cyber-security-statistics/ransomware/