Published on Q4 2020 Threat Report
ESET, a global leader in the cybersecurity market, highlighted in the report the most significant data obtained from detection systems and progress in cybersecurity research. Precisely because it is the final summary on the threats of 2020, the report contains comments on the trends observed by ESET researchers and related predictions.
The pandemic affected the cybercrime landscape for the entire year. In particular, the new attack surface that has been created with the transition to remote working has caused further growth in Remote Desktop Protocol (RDP) attacks, albeit at a slower pace in the last period compared to previous quarters. Between Q1 and Q4 2020, ESET's telemetry systems saw an increase of 768% of RDP attack attempts. "Defending against RDP attacks should not be underestimated, especially given ransomware is commonly spread through RDP exploits which, with increasingly aggressive tactics, poses a great risk to both the private and public sectors. As remote working security improves, the boom in RDP exploits is expected to slow down – we have already seen some signs in the fourth quarter," he stressed Roman Kováč, Chief Research Officer di ESET.
Another trend observed in the period is the increase in threats affecting Covid-19 themed email traffic, linked to the vaccination campaigns at the end of the year which offered hackers the opportunity to expand the range of weapons used, a trend that will continue in 2021.
Featured in the Report are the events of last October, when ESET participated in the global operation to stop TrickBot, one of the largest and longest-lived botnets. These joint efforts led to the elimination of 94% of TrickBot servers in just one week. "There has been a marked decline in TrickBot activity following the interventions at the end of the year. We are constantly monitoring the TrickBot botnet and the level of activity to date is decidedly low," he commented Jean-Ian Boutin, Head of Threat Research di ESET.
The Threat reports also examined the main findings obtained by ESET researchers: a previously unknown APT group targeting the Balkans and Eastern Europe, called
The Report also provides updates on Lazarus' In(ter)ception operation, the Winnti group's PipeMon backdoor and changes to the tools used by InvisiMole.
The Report also contains a description of the interventions of ESET specialists, anticipates their participation in the RSA Conference in May 2021 and provides a summary of the company's contributions to the MITER ATT&CK knowledge base.
For more information see the Q4 2020 Threat Report.
