In the report, we take an in-depth look at the most notable threat developments from June to September 2021.
Avast Threat Labs is releasing its Q3 Threat Report covering the global threat landscape from June 2021 to September 2021.
This is a broad and comprehensive report that looks at mobile and desktop threat trends around the world. The focus is on a variety of areas including ransomware, remote access Trojans (RATs), rootkits, information stealers, mobile banking malware, and more.
There were two notable findings from the report.
First, we see an elevated risk for ransomware and RAT attacks. For ransomware, we find that Q3 ransomware attacks were 5% higher than in Q2 and even 22% higher than in Q1 2021. For RATs, we saw an elevated risk ratio in many countries all over the world. In particular, Russia, Singapore, Bulgaria, and Turkey all saw elevated RAT attacks this quarter.
Second, we’ve seen increased attacks, activity, and innovation from two areas that were notable in the past, but have been relatively out of mind in the past couple of years: rootkits and exploit kits.
For rootkits, we saw a significant increase in activity in Q3. The largest increase in this activity was in China, Macao, Hong Kong, and Taiwan.
For exploit kits, we saw that the most active exploit kit was PurpleFox, while the Rig and Magnitude exploit kits were also prevalent throughout the whole quarter. The Underminer exploit kit woke up after a long period of inactivity and started sporadically serving HiddenBee and Amadey malware. Also notable is the fact that we saw exploit kits beginning to experiment with the targeting of Google Chrome vulnerabilities, a new development that could forecast a new chapter in exploit kit targeting.
Finally, on the mobile front, we saw that FluBot, an Android SMS banking threat, continued to expand from its initial Q2 targets in Europe (Spain, Italy, Germany). In Q3, FluBot expanded throughout the rest of Europe and to other countries, like Australia and New Zealand.
While these are all notable developments for the quarter, there’s much more information in the full report, including Advanced Persistent Threats (APTs), information stealers, coinminers, technical support scams, and more.