ESET has published its 2nd Quarterly 2021 Threat Report, which summarizes the statistics recorded by ESET detection systems, the most important threats identified in ESET's cybersecurity research, and data being published for the first time.
The latest edition of the ESET Threat Report highlights several worrying trends recorded by ESET telemetry, such as increasingly aggressive ransomware tactics, more intensive brute-force attacks, and deceptive phishing campaigns that target people who work from home and perform many administrative tasks remotely.
Ransomware, which saw three major peaks during the second four-month period, produced the largest ransom demands to date. The attack that shut down the operations of Colonial Pipeline, the largest pipeline company in the US, and the supply-chain attack that exploited a vulnerability in Kaseya's IT management software, have sent ripples that have been felt in areas beyond the cybersecurity industry.
Both attacks appeared to be aimed at financial gain rather than cyberespionage, with the perpetrators of the Kaseya attack setting an ultimatum for payment of 70 million US dollars, the highest ransom demand so far.
"Ransomware gangs may have overdone it this time: the involvement of the authorities in such high-profile incidents forced several gangs to leave the field. We cannot say the same for TrickBot, however, which appears to have recovered from last year's efforts, with detections doubling and with new features," explains Roman Kováč, chief research officer at ESET.
On the other hand, after the final shutdown of Emotet at the end of April 2021, downloader detections halved compared to the first four months of 2021.
Password-guessing attacks, which often serve as a gateway for ransomware, increased further in the second four months.
Between May and August 2021, ESET detected 55 billion new brute-force attacks (+104% compared to Q1 2021) against publicly accessible Remote Desktop Protocol services. ESET telemetry also saw an impressive increase in the average daily number of attacks per unique client, which doubled from 1,392 attempts per machine per day in Q1 2021 to 2,756 in Q2 2021.
Exclusive research presented in the Q2 2021 Threat Report includes findings about DevilsTongue spyware, which is being used to spy on human rights defenders, dissidents, journalists, activists and politicians, as well as a new spear-phishing campaign by the Dukes APT group, which remains a primary threat to Western diplomats, NGOs, and think tanks.
A separate section is devoted to the new tools used by the highly active Gamaredon group targeting government agencies in Ukraine.
The Q2 2021 Threat Report also examines the most important findings and achievements of ESET researchers: a new APT group targeting Windows and Linux systems, numerous security issues in Android stalkerware applications, and a different class of malware targeting IIS servers, which is highlighted in the Featured story section.
Finally, the ESET report includes an overview of a series of presentations given by researchers and company experts over the past few months and lists talks scheduled for Virus Bulletin, AVAR, SecTor and many more. It also provides an overview of ESET's involvement in the MITRE Engenuity ATT&CK® evaluation, which will focus on the tactics, techniques and procedures applied by the Wizard Spider and Sandworm APT groups.
You can read the ESET Threat Report Q2 2021 (PDF) on ESET's blog, WeLiveSecurity.