Follow us

HEIMDAL™ detection highlighted the decrease in successful cyberattacks

Although cyberattacks have increased, the number of successful attempts has tremendously decreased…

Published: November 3, 2021 By Ozair Malik

Title image for Heimdal™ Detection highlighted the decrease in successful Cyberattacks

Image source – freepik.com

On 31st May 2021, the HeimdalSecurity SOC team started an investigation on attack and exfiltration methodologies. They analyzed that number of failed attempts by cybercriminals is more than the number of successful attempts.

Heimdal™ claims that the results contain aggregated data from all available anti-ransomware and security tools.

Heimdal has aggregated data from all available detection grids (i.e., anti-ransomware encryption protection, antivirus, brute-force guardrails, DNS traffic analyzer, and email protection).

Continue scrolling down to know about volume increase and plummeting cyberattack success rates.

Pooled Data of Last Sixth Months

With a halt on 31st October 2021, More than 10,618,600 cases were registered at HeimdalSecurity. This worth of data was pooled from five modules:

  1. Ransomware Encryption Protection
  2. Next-Gen Antivirus
  3. Brute-Force Analyzer
  4. Threat Prevention-Endpoint+Network
  5. Email Security

Throughout the aforementioned six-months timeframe, 10,618,665 have been registered by HeimdalSecurity.

A subsequent breakdown revealed that 71.8% (5,004,686) of the registered cases had been carried out by email (i.e., phishing, spear phishing, CEO fraud, etc.)

The number of remaining attack surfaces were:

  • Malicious Encryption Attempts – 4,200
  • Antivirus-related infections – 346,955
  • Brute-Force (Attempts) – 1,090,561
  • DNS-delivered infection – 4,172,263

Successful Attempts

As mentioned above, the number of cyberattack attempts are increased. However, the successful attempts are very few.

  • Attempts at Malicious Encryption – 1 in 10,000 attacks is successful.
  • Antivirus-related infections – 1 in 200,000 attacks is successful.
  • Brute-Force (Attempts) – 1 in 100,000 attacks is successful.
  • DNS-delivered infection – 1 in 1,000,000 attacks is successful.

Month on month volumetric variances are as follows:

  • Malicious Encryption Attempts: 786% increase (reference timeframe: 31.05 – 31.10.2021).
  • Antivirus-related infections: 30% increase (reference timeframe: 31.05 – 31.10.2021).
  • Brute-Force (Attempts): 7.2% increase (reference timeframe: 31.05 – 31.10.2021).
  • DNS-delivered infection: 10% increase (reference timeframe: 31.05 – 31.10.2021).
  • Email attacks: 32.92% increase (reference timeframe: 31.05 – 31.10.2021).

Additional details are also released by Heimdal Security about Month on Month (MoM) statistics.

From a statistical point of view, more cases of data breaches, illegal data exfiltration, and ransomware-type activity.

However, Heimdal™ assessment reveals fewer impacts, despite visible volumetric growth.

Methodology & Results

To compute everything, the following information is factored in by Heimdal™ Security.

Risk assessment scores (RA) for each month:


Month
RA Score
May
296
June
353
July
376
August
429
September
427
October
342

From May to August, the risk score steadily increased. The score plateaued in the August-September timeframe with a distinguishable (and steady) decrease in September and October.


Month
Attack volume
May
1,709,263
June
1,947,594
July
1,593,593
August
1,717,087
September
1,735,556
October
1,915,572

There is a steady decline in risk score more than mentioned before, taking the place of an “across-the-board” volumetric increase. In the table below, the numbers have been redacted:

From the information mentioned in the tables following inferences can be made:

  • EDR-style countermeasures have reduced the average attack's effectiveness.
  • Seek-and-destroy techniques have rendered these attacks useless.
  • Attackers attempting with attacks have fewer chances of success.

Beyond Recorded Data

This data proves that the defender has slowly begun to win when faced with attackers.

Despite the large volume of ransomware, DNS, AV, email, and FBA attacks, the odds of successful attempts have dramatically decreased if we compare them with records.

Although, it could be a scheme of the large number of attackers working as threat groups.

Heimdal™ SOC says:

We should also take into account the fact that a large number of attacks may just be a part of a larger, defense-probing scheme, orchestrated by one or more threat groups.

Heimdal™ telemetry would be taken with the proverbial grain of salt and will not abandon its stand of providing security and antivirus services.

Mitigations and Recommendations

To keep these attacks and threats decreased, individuals and companies should perform the following implementations:

  • Email attack Vector: employ additional spam filters, configure fraud prevention systems.
  • DNS attack Vector: traffic-filtering solutions considered as best approaches to DNS-delivered malware.
  • Brute-force attack: timing rule on credential input, rules to timeout the session on too many incorrect inputs.
  • Ransomware: DNS-traffic filter, updated antivirus, ransomware encryption.
Tags: 
News
Author
Ozair Malik
A passionate Cyber Security researcher and writer with a keen interest in Digital Forensics. A community worker running a insta blog to raise cybersecurity awareness among laymen.

Leave a comment

click to select