How the war changed the landscape of threats

The cybersecurity firm ESET recently published its Q1 2022 Threat Report, which summarizes the statistics captured by its detection systems and the most important threat findings from the company's investigations.

The latest edition of the ESET Threat Report presents the cyber-attacks linked to the war in Ukraine, which ESET researchers have analyzed or helped to address. These include the revival of the infamous Industroyer malware, which attempted to attack high-voltage substations.

ESET telemetry also recorded other changes in the field of cyber threats that may be related to the situation in Ukraine. Roman Kováč, ESET Chief Research Officer, explains why this report focuses so much on cyber-threats related to the war in Ukraine: “Many armed conflicts are raging in different parts of the world, but for us it is different. Right across the eastern border of Slovakia, where ESET is headquartered, Ukrainians are fighting for their lives and their freedom.”

Just before the Russian invasion, ESET telemetry recorded a sharp drop in Remote Desktop Protocol (RDP) attacks. The decline in these attacks comes after two years of steady growth, and as explained in the Exploits section of ESET's latest threat report, this turn of events may be related to the war in Ukraine. But even with this drop, nearly 60% of inbound RDP attacks seen in the first quarter of 2022 came from Russia.

Another side effect of the war: while in the past ransomware threats avoided targets located in Russia, during this period, according to ESET telemetry, Russia was the most attacked country. ESET researchers even detected screen variants that used the Ukrainian national greeting “Slava Ukraini!” (Glory to Ukraine!).

After the Russian invasion of Ukraine, the number of amateur ransomware and wiper programs has increased. Their creators often declare support for one of the warring parties and launch attacks as personal feuds.

As expected, the war has also been exploited for spam and phishing campaigns. Immediately after the invasion on February 24, cybercriminals began exploiting people trying to support Ukraine, using false charities and fundraisers as lures. That day, ESET telemetry recorded a big spike in spam detections.

ESET telemetry has also identified many other threats unrelated to the Russia/Ukraine war. "We can confirm that Emotet - the well-known malware, which spreads mainly through spam emails - has returned after last year's eradication efforts and has been re-launched into our telemetry," Kováč explains. Emotet operators launched one spam campaign after another in the first four months, with Emotet detections increasing hundreds of times. However, as the Threat Report notes, the malicious macro-based campaigns may be the last, given Microsoft's recent move to disable macros obtained from the Internet in Office programs by default. Following this change, Emotet operators began testing other compromise methods on much smaller samples of victims.

The ESET T1 2022 Threat Report examines, among other things, the most important threat findings from ESET's cybersecurity research: exploitation of kernel vulnerabilities, high-impact UEFI vulnerabilities, cryptocurrency malware targeting Android and iOS devices, a campaign using the DazzleSpy macOS malware, and campaigns by the Mustang Panda, Donot Team, Winnti Group, and TA410 APT groups.

Finally, the ESET report includes an overview of presentations given by the company's researchers during the first four months of 2022, as well as talks scheduled for the RSA and REcon conferences in June 2022, presenting ESET Research's discovery of Wslink and ESPecter. These appearances will be followed by a talk at the Virus Bulletin conference in September 2022.

You can read the ESET Threat Report Q1 2022 on ESET's blog, WeLiveSecurity. Follow the ESET research team's Twitter account for the latest developments.

Written by newsbot
