ESET 2nd Quarter Threat Report 2021

ESET has published its Threat Report for the 2nd quarter of 2021, which summarizes the statistics recorded by ESET tracking systems, the most important threats covered by ESET's cybersecurity research, and data published for the first time.

The latest edition of the ESET Threat Report highlights a number of worrying trends recorded by ESET telemetry, such as increasingly aggressive ransomware tactics, more intense brute-force attacks, and misleading phishing campaigns targeting people who work from home and perform many administrative tasks remotely.

Ransomware, which had three major spikes during Q2, saw the highest ransom demands to date. The attack that shut down Colonial Pipeline – the largest pipeline company in the US – and the supply chain attack that exploited a vulnerability in Kaseya's IT software sent shockwaves that were felt well beyond the cybersecurity industry.

Both attacks appeared to be aimed at financial gain rather than cyber espionage, with the perpetrators of the Kaseya attack setting an ultimatum for payment of $70 million - the highest ransom demand to date.

"Ransomware gangs may have gone too far this time: the authorities' involvement in such high-profile incidents has forced several gangs to leave the field. But the same cannot be said for TrickBot, which seems to have recovered from last year's efforts, doubling its detection and new features," explains Roman Kováč, ESET chief research officer.

On the other hand, the final shutdown of Emotet at the end of April 2021 saw downloader detections halved compared to the first four months of the year.

Password-guessing attacks, which often serve as a gateway for ransomware, saw further growth in Q2.

Between May and August 2021, ESET detected 55 billion new brute-force attacks (+104% compared to Q1 2021) against publicly accessible Remote Desktop services. ESET telemetry also saw an impressive increase in the average daily number of attacks per unique client, which doubled from 1,392 attempts per machine per day in Q1 2021 to 2,756 in Q2 2021.

Exclusive research presented in the Q2 2021 Threat Report includes findings about DevilsTongue spyware, which is used to spy on human rights defenders, dissidents, journalists, activists, and politicians, as well as a new spear phishing campaign by the Dukes APT group, which remains a primary threat to Western diplomats, NGOs, and think tanks.

A separate section is devoted to the new tools used by the highly active Gamaredon group, which targets government agencies in Ukraine.

The Q2 2021 Threat Report also examines the most important findings and achievements of ESET researchers: a new APT group focusing on Windows and Linux systems, a variety of security issues in stalkerware applications for Android, and a different category of malware targeting IIS servers, which is highlighted in the Featured story section.

Finally, ESET's report also includes an overview of a series of presentations given by the company's researchers and experts over the past few months and presents talks scheduled for Virus Bulletin, AVAR, SecTor and many other conferences. It also provides an overview of ESET's participation in the MITRE Engenuity ATT&CK® assessment, which will focus on the tactics, techniques and procedures used by APT Wizard Spider teams and .

You can read the ESET Threat Report Q2 2021 (PDF) on ESET's blog, WeLiveSecurity.


Written by newsbot
