Internet connection sharing systems were the hot spyware targets in 2021: Kaspersky

Internet connection sharing (ICS) computers had seen a sharp increase in spyware attacks globally in 2021, reveals a latest Kaspersky report. 

ICS refers to a windows service that enables one internet-connected computer to act as a hotspot to other computers on a Local Area Network (LAN).    

Kaspersky said that its ICS experts had noticed a growing number of anomalous spyware attacks infecting the computers.  

Although the malware in these attacks belongs to well-known commodity spyware families, they are unique in the sense that they stand out from the mainstream because of limited targets and finishing off the attacks quickly.   

The report showed that 21.2% of all spyware samples blocked on ICS computers in the first half of 2021 were a part of the new limited-scope short lifetime attack series.   

At the same time, up to one-sixth of all computers which were spyware victims were targeted using the same tactic. 

The study also showed that there were a large set of campaigns which spread from one industrial enterprise to another through hard-to-detect phishing emails. The emails identified themselves as correspondence of the victim’s organisation.  

“Overall, we have identified over 2,000 corporate email accounts belonging to industrial companies abused as next-attack C2 servers as a result of successful malicious operations of this type,” Kaspersky said.  

The cybersecurity company estimates that about 7,000 such email accounts were hacked and sold on the dark web or misused for nefarious purposes. 

The average lifespan of these purported ICS attacks was about 25 days. Although short lived, Kaspersky said that they accounted for a “disproportionately large share of all spyware attacks”.