How the war changed the landscape of threats

The international cybersecurity company ESET recently published its Threat Report for the first four months of 2022, which summarizes the statistics recorded by its detection systems and the most important findings from the company's threat investigations.

The latest edition of the ESET Threat Report presents the cyber-attacks linked to the war in Ukraine, which ESET researchers have analyzed or helped to address. These include the revival of the infamous Industroyer malware, which attempted to attack high-voltage substations.

ESET telemetry also recorded other changes in the field of cyber threats that may be related to the situation in Ukraine. Roman Kováč, ESET Chief Research Officer, explains why this report focuses so much on cyber-threats related to the war in Ukraine: “Many armed conflicts are raging in different parts of the world, but for us it is different. Right across the eastern border of Slovakia, where ESET is headquartered, Ukrainians are fighting for their lives and their freedom.”

Shortly before the Russian invasion, ESET telemetry recorded a sharp drop in Remote Desktop Protocol (RDP) attacks. The decline comes after two years of continuous growth and, as explained in the Exploits section of ESET's latest threat report, this turn of events may be related to the war in Ukraine. But even with this drop, nearly 60% of inbound RDP attacks seen in the first quarter of 2022 came from Russia.

Another side effect of the war: while in the past the threats avoided targets located in Russia, during this period, according to ESET telemetry, Russia was the most attacked country. ESET researchers even spotted lock screen variants that used the Ukrainian national greeting “Slava Ukraini!” (Glory to Ukraine!).

After the Russian invasion of Ukraine, the number of amateur ransomware and wipers has increased. Their creators often declare support for one of the warring sides and launch attacks as personal vendettas.

Predictably, the war has also been exploited for spam and phishing campaigns. Immediately after the February 24 invasion, cybercriminals began exploiting people who were trying to support Ukraine, using fake charities and fundraisers as bait. On that day, ESET telemetry detected a large spike in spam detections.

ESET's telemetry has also identified many other threats unrelated to the Russia/Ukraine war. "We can confirm that Emotet - the well-known malware, which spreads mainly via spam email - has returned after last year's eradication efforts and has re-launched itself into our telemetry," explains Kováč. Emotet operators launched one spam campaign after another in the first four months, with Emotet detections increasing a hundredfold. However, as the Threat Report notes, the campaigns based on malicious macros may have been the last, given Microsoft's recent move to disable macros from the web by default in Office programs. After this change, Emotet operators began testing other compromise methods on much smaller samples of victims.

The ESET T1 2022 Threat Report also examines, among other highlights, threats from ESET cyber security investigations: kernel driver vulnerabilities, high-impact UEFI vulnerabilities, cryptocurrency malware targeting Android and iOS devices, a campaign using the DazzleSpy macOS malware, and the Mustang Panda, Donot Team, Winnti Group and TA410 APT campaigns.

Finally, the ESET report includes an overview of presentations given by the company's researchers during the first four months of 2022, as well as talks scheduled for the RSA and REcon conferences in June 2022, presenting ESET Research's discovery of Wslink and ESPecter. These appearances will be followed by a talk at the Virus Bulletin conference in September 2022.

You can read the ESET Threat Report Q1 2022 on ESET's blog, WeLiveSecurity. Follow the ESET research team's Twitter account for the latest developments.


Written by newsbot
