ESET has published its 2nd Quarterly 2021 Threat Report, which summarizes the statistics recorded by ESET tracking systems, the most important threats to ESET cyber security surveys, and data published for the first time on the market.
The latest edition of the ESET Threat Report highlights a number of worrying trends recorded by ESET telemetry, such as increasingly aggressive ransomware tactics, more intense brute-force attacks and misleading phishing campaigns targeting people working by the house and perform many administrative tasks remotely.
Ransomware, which recorded three major peaks during the second four months, showed the highest ransom demands to date. The attack that disrupted Colonial Pipeline - the largest pipeline company in the United States - and the supply chain attack that exploited a vulnerability in Kaseya IT management software caused shocks that were felt in areas beyond the cybersecurity industry.
Both attacks appeared to be aimed at financial gain rather than cyber espionage, with the perpetrators of the Kaseya attack setting an ultimatum for payment of $ 70 million - the highest ransom demand to date.
"Ransomware gangs may have gone too far this time: the authorities' involvement in such high-profile incidents has forced several gangs to leave the field. But the same cannot be said for TrickBot, which seems to have recovered from last year's efforts, doubling its detection and new features, ”explains Roman Kováč, ESET chief research officer.
On the other hand, the final shutdown of Emotet at the end of April 2021 saw downloader crawls halved compared to the first four months of 1.
Password-guessing attacks, which often serve as a gateway for ransomware, increased further in the second four months.
Between May and August 2021, ESET detected 55 billion new brute-force attacks (+ 104% compared to the first four months of 1) against publicly accessed Remote Desktop Protocol services. ESET telemetry also saw a dramatic increase in the average daily number of attacks per single customer, which doubled from 2021 attempts per machine per day in the first four months of 1.392 to 1 in the second four months of 2021.
The exclusive research presented in the Threat Report for the 2nd quarter of 2021 includes findings on the DevilsTongue spyware software, which is used to spy on human rights defenders, dissidents, journalists, activists and politicians, as well as a new campaign. spear phishing by the APT Dukes team, which remains a primary threat to Western diplomats, NGOs, and reservoirs.
A separate section is devoted to the new tools used by the highly active Gamaredon team targeting government agencies in Ukraine.
The 2nd Quarterly 2021 Threat Report also examines the most important findings and achievements of ESET researchers: a new APT team focusing on Windows and Linux systems, a variety of security issues in stalkerware applications for Android, and a different category of malware targeting IIS servers , which is highlighted in the Featured story section.
Finally, the ESET report includes an overview of a series of presentations given by researchers and company experts over the past few months and presents speeches scheduled for Virus Bulletin, AVAR, SecTor and many more. It also provides an overview of ESET's involvement in the MITRE Engenuity ATT & CK® evaluation, which will focus on the tactics, techniques and procedures applied by the APT Wizard Spider and Sandworm teams.
You can read it ESET Threat Report T2 2021 (PDF) on ESET's blog, WeLiveSecurity.