HEIMDAL™ detection highlighted the decrease in successful cyberattacks

On 31st May 2021, the Heimdal™ Security SOC team started an investigation into attack and exfiltration methodologies. Their analysis found that failed attempts by cybercriminals far outnumber successful ones.
Heimdal™ states that the results contain aggregated data from all of its available anti-ransomware and security tools.
Heimdal™ has aggregated data from all available detection grids (i.e., anti-ransomware encryption protection, antivirus, brute-force guardrails, DNS traffic analyzer, and email protection).
The sections below cover the increase in attack volume and the plummeting cyberattack success rates.
Pooled Data of the Last Six Months
Up to the cut-off date of 31st October 2021, more than 10,618,600 cases were registered by Heimdal™ Security. This data was pooled from five modules:
- Ransomware Encryption Protection
- Next-Gen Antivirus
- Brute-Force Analyzer
- Threat Prevention-Endpoint+Network
- Email Security
Throughout the aforementioned six-month timeframe, 10,618,665 cases were registered by Heimdal™ Security.
A subsequent breakdown revealed that 71.8% (5,004,686) of the registered cases had been carried out by email (i.e., phishing, spear phishing, CEO fraud, etc.).
The remaining cases broke down by attack vector as follows:
- Malicious Encryption Attempts – 4,200
- Antivirus-related infections – 346,955
- Brute-Force (Attempts) – 1,090,561
- DNS-delivered infection – 4,172,263
Successful Attempts
As mentioned above, the number of cyberattack attempts has increased. However, very few of those attempts succeed.
- Attempts at Malicious Encryption – 1 in 10,000 attacks is successful.
- Antivirus-related infections – 1 in 200,000 attacks is successful.
- Brute-Force (Attempts) – 1 in 100,000 attacks is successful.
- DNS-delivered infection – 1 in 1,000,000 attacks is successful.
Month-on-month changes in volume are as follows:
- Malicious Encryption Attempts: 786% increase (reference timeframe: 31.05 – 31.10.2021).
- Antivirus-related infections: 30% increase (reference timeframe: 31.05 – 31.10.2021).
- Brute-Force (Attempts): 7.2% increase (reference timeframe: 31.05 – 31.10.2021).
- DNS-delivered infection: 10% increase (reference timeframe: 31.05 – 31.10.2021).
- Email attacks: 32.92% increase (reference timeframe: 31.05 – 31.10.2021).
Heimdal Security has also released additional month-on-month (MoM) statistics.
From a statistical point of view, there are more cases of data breaches, illegal data exfiltration, and ransomware-type activity.
However, Heimdal™'s assessment reveals less impact, despite the visible growth in volume.
Methodology & Results
Heimdal™ Security factored the following information into its computations.
Risk assessment scores (RA) for each month:

| Month | RA Score |
| --- | --- |
| May | 296 |
| June | 353 |
| July | 376 |
| August | 429 |
| September | 427 |
| October | 342 |
From May to August, the risk score steadily increased. The score plateaued in the August-September timeframe with a distinguishable (and steady) decrease in September and October.
Attack volume for each month:

| Month | Attack volume |
| --- | --- |
| May | 1,709,263 |
| June | 1,947,594 |
| July | 1,593,593 |
| August | 1,717,087 |
| September | 1,735,556 |
| October | 1,915,572 |
As noted above, the risk score declined steadily even as attack volume increased "across the board". (The table that originally followed here, with the underlying numbers, has been redacted.)
From the information in the tables above, the following inferences can be made:
- EDR-style countermeasures have reduced the average attack's effectiveness.
- Seek-and-destroy techniques have rendered these attacks useless.
- Attackers have a lower chance of success per attempt.
Beyond Recorded Data
This data shows that defenders have slowly begun to gain the upper hand against attackers.
Despite the large volume of ransomware, DNS, AV, email, and brute-force attacks, the odds of a successful attempt have dramatically decreased compared with earlier records.
However, the large number of attacks could also be part of a scheme by attackers working as threat groups.
Heimdal™ SOC says:
We should also take into account the fact that a large number of attacks may just be a part of a larger, defense-probing scheme, orchestrated by one or more threat groups.
Heimdal™'s telemetry should be taken with the proverbial grain of salt, and the company will not abandon its stance of providing security and antivirus services.
Mitigations and Recommendations
To keep these attacks and threats in check, individuals and companies should implement the following:
- Email attack vector: employ additional spam filters and configure fraud prevention systems.
- DNS attack vector: traffic-filtering solutions are considered the best approach to DNS-delivered malware.
- Brute-force attacks: apply a timing rule on credential input and time out the session after too many incorrect inputs.
- Ransomware: DNS-traffic filtering, an updated antivirus, and ransomware encryption protection.
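One way to implement the brute-force countermeasure above (a timing rule on credential input plus a lockout after too many incorrect inputs), as an added Python example that is not Heimdal's code; the thresholds, the per-user/source keying, and the injectable clock are assumptions made for this illustration:

```python
# Added example (not Heimdal's code): throttle credential input with an
# exponential backoff delay and lock out after too many failures.
# The thresholds below are assumptions, not values from the report.
import time
from dataclasses import dataclass

MAX_FAILURES = 5        # lock out after this many consecutive failures
LOCKOUT_SECONDS = 900   # 15-minute lockout once the threshold is hit
BACKOFF_BASE = 2.0      # delay doubles per failure: 2, 4, 8, ... seconds
BACKOFF_CAP = 60.0      # upper bound on the inter-attempt delay


@dataclass
class AttemptState:
    failures: int = 0
    next_allowed: float = 0.0   # refuse attempts before this time (backoff)
    locked_until: float = 0.0   # refuse attempts before this time (lockout)


class LoginThrottle:
    """Tracks failed logins per (username, source) pair in memory.
    A clock callable is injected so the logic can be tested offline."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._state = {}  # (user, source) -> AttemptState

    def check(self, user, source):
        """Call before verifying the credential. Returns (allowed, reason)."""
        now = self._clock()
        st = self._state.get((user, source), AttemptState())
        if now < st.locked_until:
            return False, "locked"
        if now < st.next_allowed:
            return False, "backoff"
        return True, "ok"

    def record(self, user, source, success):
        """Call after the credential check; a success clears the history."""
        key = (user, source)
        if success:
            self._state.pop(key, None)
            return
        st = self._state.setdefault(key, AttemptState())
        st.failures += 1
        now = self._clock()
        if st.failures >= MAX_FAILURES:
            st.locked_until = now + LOCKOUT_SECONDS
            st.failures = 0  # a fresh count starts once the lockout expires
        else:
            st.next_allowed = now + min(BACKOFF_BASE ** st.failures, BACKOFF_CAP)
```

In a real deployment the state would live in a shared store so the rule holds across servers, and the lockout events would be logged for detection of distributed password-guessing.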