Countries such as Argentina (+56 percent), UK (+55 percent), Brazil (+50 percent), France (+42 percent), and India (+37 percent) had the highest quarter-on-quarter increases in ransomware risk ratio, the cyber security leader said.
“The dip in ransomware attacks in Q4-2021 and Q1-2022 was thanks to law enforcement agencies busting ransomware group members, and caused by the war in Ukraine, which led to disagreements within the Conti ransomware group, halting their operations,” Jakub Kroustek, Avast Malware Research Director, said.
Things changed in Q2-2022. Conti members have now branched off to create new ransomware groups, like Black Basta and Karakurt, or may join other existing groups, like Hive, BlackCat, or Quantum, causing an uptick in activity.
Avast researchers discovered two new zero-day exploits used by Israeli spyware vendor Candiru to target journalists in Lebanon, among others. The first was a bug in WebRTC, which was exploited to attack Google Chrome users in highly targeted watering hole attacks, but also affected many other browsers. Another exploit allowed the attackers to escape the sandbox they landed in after exploiting the first zero-day. The second zero-day Avast discovered was exploited to get into the Windows kernel.
Another zero-day described in the report is Follina, a remote code execution bug in Microsoft Office, which was widely exploited by attackers ranging from cybercriminals to Russia-linked APT groups operating in Ukraine. The zero-day was also abused by Gadolinium/APT40, a known Chinese APT group, in an attack against targets in Palau.
Macros blocked by default
Software major Microsoft is blocking VBA macros, a popular infection vector, by default in Office applications. Macros were used by threats described in the Q2/2022 Threat Report, including remote access trojans like Nerbian RAT, a new RAT written in Go that emerged in Q2/2022, and by the Confucius APT group to drop malware onto victims’ computers.