Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic; the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
2021 Trends in Ransomware and Malware
As mentioned earlier, reports of ransomware increased in 2021. Compromise through phishing e-mails and brute-forcing of Remote Desktop Protocol (RDP) services remain the two most common infection vectors. During the reporting period in 2021, we saw that the Conti and REvil threat actors dominated the ransomware market, both financially and by volume of infections. Both actors provide separate ransomware-as-a-service (RaaS) platforms through which affiliates can efficiently orchestrate their attacks. The focus on RaaS-type business models increased during 2021, making proper attribution to individual threat actors difficult. Cryptocurrency remains the most common pay-out method for threat actors. Attackers shifted to Monero as their cryptocurrency of choice because of its enhanced anonymity and the indistinguishability of transactions. The average ransom amount doubled over the last year, though small ransom amounts are still popular with threat actors: they tend to be paid more easily and result in less public exposure for the threat actor. The higher demands also increased. Over just a few months, the highest demand made in 2020 more than doubled in 2021.
Malware, on the other hand, saw a decline in popularity. Employees worked more from home and used their consumer ISPs and personal computers for work-related activities. This home environment and infrastructure doesn’t have the same level of protection and detection, limiting the visibility of malware infections. This reduced visibility can cause a gap when the collected statistical data is based only on detecting infections in the corporate environment. In 2021, the decrease in malware infections is continuing. Research shows a further reduction of 22% over the first six months of 2021, compared to this period last year. Note that a reduction in total malware volume does not mean that cybercrime declined. In the past, malware was used to infect as many victims as possible. Today, the focus is less on quantity and more on the quality of infections. In 2019, the number of malicious Office and PDF files was equal. Throughout 2020, the number of malicious Office files increased heavily until they exceeded PDF files by 150%. In 2021, the share of malware in both these file types dropped, with executable files gaining the ground they had lost. For 2020, the most detected malware categories in corporate environments included botnets (28%), cryptominers (21%), infostealers (16%), mobile (15%), banking (14%), and ransomware (4%). In June 2021, the most common malware families detected were Trickbot (botnet and banking), XMRig (cryptominer), Formbook (infostealer), Glupteba (botnet), and Agent Tesla (infostealer). Notice that these malware families did not change a lot over the last year. One noticeable difference is the fact that Emotet was taken down and Trickbot took over its market share.