ESET 2nd Quarter Threat Report 2021

ESET has published its Q2 2021 Threat Report, which summarizes the statistics captured by ESET's detection systems and the most important threat findings from ESET's cyber investigations, as well as findings that are published for the first time.

The latest edition of the ESET Threat Report highlights a number of worrying trends recorded by ESET telemetry, such as increasingly aggressive ransomware tactics, more intense brute-force attacks, and misleading phishing campaigns targeting people who work from home and perform many administrative tasks remotely.


Ransomware, which saw three major spikes during Q2, saw the highest ransom demands to date. The attack that disrupted its operation Pipeline – the largest pipeline company in the US – and the supply chain attack that exploited a vulnerability in Kaseya's IT management software sent shockwaves beyond the cybersecurity industry.

Both attacks appeared to be aimed at financial gain rather than cyber espionage, with the perpetrators of the Kaseya attack setting an ultimatum for payment of $70 million, the highest ransom demand to date.

"Ransomware gangs may have gone too far this time: the authorities' involvement in such high-profile incidents has forced several gangs to leave the field. But the same cannot be said for TrickBot, which seems to have recovered from last year's efforts, doubling its detection and new features," explains Roman Kováč, ESET chief research officer.

On the other hand, the final shutdown of Emotet at the end of April 2021 saw downloader detections halved compared to the first four months of 2021.
Password-guessing attacks, which often serve as a gateway for ransomware, increased further in the second four months.

Between May and August 2021, ESET detected 55 billion new brute-force attacks (+104% compared to the first four months of 2021) against publicly accessible Remote Desktop Protocol services. ESET telemetry also saw a dramatic increase in the average daily number of attacks per single customer, which doubled in the second four months of 2021 from 1,392 attempts per machine per day in the first four months of 2021.

The exclusive research presented in the Threat Report for the 2nd quarter of 2021 includes findings on the DevilsTongue spyware, which is used to spy on human rights defenders, dissidents, journalists, activists and politicians, as well as a new spear-phishing campaign by the Dukes APT group, which remains a primary threat to Western diplomats, NGOs, and think tanks.

A separate section is devoted to the new tools used by the highly active Gamaredon group targeting government agencies in Ukraine.

The Q2 2021 Threat Report also examines the most important findings and achievements of ESET researchers: a new APT group focusing on Windows and Linux systems, a variety of security issues in stalkerware applications for Android, and a different category of malware targeting IIS servers, which is highlighted in the Featured story section.

Finally, the ESET report also includes an overview of a series of presentations given by the company's researchers and experts over the past few months and presents talks scheduled for Virus Bulletin, AVAR, SecTor and many other conferences. It also provides an overview of ESET's participation in the MITRE Engenuity ATT&CK® assessment, which will focus on the tactics, techniques and procedures used by the Wizard Spider and Sandworm APT groups.

You can read the ESET Threat Report Q2 2021 (PDF) on ESET's blog, WeLiveSecurity.

Written by newsbot
