According to the Cisco DNS Security Report, in 2020 cryptocurrency-based malware affected about 70 percent of customers. About 90 percent of companies encountered a situation where at least one user attempted to connect to a phishing site. 70 percent were exposed to malicious browser ads and 51 percent to ransomware-related activities.
Ciscopublished the "DNS Security" report, which analyzes the malicious DNS activities and threats that took place between January and December last year. It has been found to affect 70, generating large amounts of malicious DNS traffic and consuming valuable computing resources.
In 2020, when security issues become extremely important to everyone, DNS Threat Analysis, which handles 620 billion of DNS requests worldwide each day, was the most common of nearly 90 percent of companies between January and December 2020, mostly by clicking a link in an email. found that fewer users encountered a situation where they attempted to connect to a phishing site.
➡️Other findings regarding DNS activity were as follows: Users in 70 percent of companies were exposed to malicious browser ads. Besides, 51 percent of companies faced activities related to ransomware. 48 percent of the companies detected malicious software activity aimed at stealing information. In the DNS Security report,crypto money As the unit of mining, the threat trends that companies faced in 2020 and were the most likely to encounter this year were emphasized.
The amount of DNS activity associated with phishing has remained stable throughout the year, except in December, when it increased by 52 percent during the holiday season. August and September saw significant increases in the number of endpoints visiting phishing sites.
On the whole, while phishing has increased significantly, more endpoints have started clicking links in phishing emails. One reason for this was the massive phishing campaign that Cisco observed a 102 percent change between July and September.
The Trojans had a strong start this year too. Due to Ursnif / #Gozi and #IcedID, two sources of threats known to work together in ransomware production, an incredible number of endpoints have been connected to Trojan horse sites. These two threat sources alone accounted for 82 percent of the threats seen at the endpoints in January 2020.
Another banking Trojan horse responsible for the massive increase in DNS activity from August to September was Emotet. A total of 45 percent of the companies encountered Emotet.
#Sodinokibi and #Ryuk were the two prominent ransomware for most of the year.
Starting in April, the number of computers captured by Sodinokibi (aka #REvil) increased significantly and continued to rise in the fall. As a result of this significant increase, 46 percent of companies faced this threat. The total number of queries originating from this ransomware in September rose to five times the value in August, indicating that ransomware was running on many of the affected systems.
#Ryuk is largely responsible for the rise in activity from November to December. Still, the number of endpoints connecting to Ryuk-associated domains was relatively small and stable throughout the year, but increased moderately before query activity took off.
Significant differences stand out between the two threats in the amount of money reported that each of the threats tried to leak from victims. While Sodinoki messes with more endpoints and demands a relatively small ransom, Ryuk infects fewer systems and demands a much larger ransom.
🚨"Nobody is alone"🚨
Commenting on the report, Cisco Middle East and Africa Region Cyber Security Director Fady Younes said: “Today, the idea of 'no one is alone' applies to threats as well. The most common attacks these days take advantage of a wide variety of threats at different stages. When you find a threat on your own network, it would be wise to investigate what threats are working with it and take appropriate action to prevent them from creating further danger. "