The security company ESET has published its 2nd Quarter 2022 Threat Report (PDF), which summarizes the statistics recorded by the company's detection systems, as well as the most important findings from the cybersecurity investigations it has conducted.
The latest issue of the ESET Threat Report covers the period May-August 2022 and sheds light on the most common phishing lures, how plummeting cryptocurrency exchange rates have affected online threats, changes seen in ideologically motivated ransomware, Emotet's activity and, finally, the continued rapid decline of Remote Desktop Protocol (RDP) attacks.
After the sharp decline seen in the first quarter of 2022, the total number of attempted RDP attacks in the second quarter of 2022 decreased by 89%. ESET analysts believe that the reasons RDP attacks are continuing their steep decline are the return of workers to offices after the COVID pandemic, the general improvement of security measures taken by businesses, and the Russia-Ukraine war.
However, although the number of RDP attacks decreased, Russian IP addresses remained responsible for the largest share of them.
"At the same time, in the first quarter of 2022, Russia was also the country that was the biggest target of ransomware attacks, with some of the attacks being politically or ideologically motivated due to the war. However, ESET's Q2 2022 Threat Report shows that this wave of hacktivism subsided in the second quarter and ransomware operators turned their attention to the United States, China and Israel," explains Roman Kováč, Chief Research Officer of ESET.
As for Emotet, according to ESET telemetry, August was a month of… holidays for the malware's operators. Moreover, the gang behind it adapted to Microsoft's decision to disable VBA macros in documents sourced from the internet and focused on campaigns based on weaponized Microsoft Office files and LNK files.
The report also examines the threats that mainly affect home users.
ESET's phishing reports showed a sixfold increase in phishing lures themed around purported product shipments, which most often present victims with false requests, supposedly from DHL and USPS, to verify shipping addresses.
"Regarding the threats that directly affect virtual and physical currencies, a web skimmer known as Magecart remains the top threat that preys on online shoppers' credit card information. We also saw a twofold increase in cryptocurrency-themed phishing lures and an increase in the number of cryptostealers," explains Kováč.
ESET's 2nd Quarter 2022 Threat Report also examines the most important findings and achievements of ESET researchers.
This quarter, ESET researchers found:
- a previously unknown macOS backdoor, which they later attributed to the ScarCruft group
- an updated version of the ArguePatch malware loader used by the APT group Sandworm
- payloads of the Lazarus group in trojanized apps
- buffer overflow vulnerabilities in Lenovo UEFI firmware, and
- a new attack campaign that uses a fake Salesforce software update as bait.
ESET researchers also analyzed a case from the Lazarus group's Operation In(ter)ception campaign, which targeted macOS devices.
In addition to these findings, the report also lists the presentations given publicly by ESET researchers in recent months and the talks planned for conferences such as AVAR, Ekoparty and many more.