Exclusive research from the report includes DevilsTongue spying on activists and journalists, a new campaign from the APT group Dukes, and Gamaredon's activity in Ukraine
ESET, a global leader in the cybersecurity market, today released the Threat Report T2 2021 which summarizes trends observed by its detection systems and highlights advances in ESET cybersecurity research, including exclusive, never-before-seen updates on current threats.
The latest edition of the ESET Threat Report highlights several worrying trends that have been recorded by ESET telemetry, including increasingly aggressive ransomware techniques, escalating brute-force attacks, and phishing campaigns targeting people who work from home and who have become accustomed to carrying out many administrative tasks remotely.
Ransomware, which showed three major detection spikes during Q2, saw the highest ransom demands to date. The attack that disrupted the operations of Colonial Pipeline – the largest natural gas pipeline company in the United States – and the supply-chain attack that exploited a vulnerability in IT management software Kaseya VSA sent shockwaves that were felt far beyond the cybersecurity industry. Both cases appeared to point to financial payoff rather than cyberespionage, with the perpetrators of the Kaseya attack setting an ultimatum of $70 million – the heaviest ransom demand known to date.
"The ransomware gangs may have gone too far this time: law enforcement involvement in these high-impact attacks forced several gangs to leave the field. The same can't be said for TrickBot, which appears to have bounced back from last year's takedown efforts, doubling our detections and showing off new features," explains Roman Kováč, Chief Research Officer at ESET. On the other hand, the permanent shutdown of Emotet at the end of April 2021 saw downloader detections halved compared to Q1 2021 and a reshuffling of the entire threat landscape.
Password-guessing attacks, which often act as a gateway to ransomware, saw further growth in Q2. Between May and August 2021, ESET detected 55 billion new brute-force attacks (+104% compared to Q1 2021) against public-facing Remote Desktop Protocol services. ESET telemetry also highlighted an impressive increase in the average number of attacks per day per unique client, which doubled from 1,392 attempts per machine per day in Q1 2021 to 2,756 in Q2 2021.
Exclusive research presented in the 2021 T2 Threat Report includes findings on the highly targeted spyware DevilsTongue, which is used to spy on human rights defenders, dissidents, journalists, activists and politicians; and a new spear phishing campaign by the APT group Dukes, which remains a primary threat to Western diplomats, NGOs and think tanks. A dedicated section describes the new tools used by the very active Gamaredon group which targets government bodies in Ukraine.
The ESET T2 2021 report also reviews the most important findings and results obtained by ESET researchers: among these, a new cross-platform APT group that targets both Windows and Linux systems; myriad security issues in Android stalkerware apps; and a diverse class of malware targeting IIS servers, highlighted in the Featured story section.
In addition to these findings, the report also summarizes the numerous talks given by ESET specialists and anticipates their participation in events planned for the coming months, including Virus Bulletin, AVAR and SecTor, to name a few. It also provides a summary of the company's contributions to MITRE Engenuity ATT&CK®, which will focus on tactics, techniques and procedures applied by the Wizard Spider and Sandworm APT groups. ESET's close monitoring of the activities of the two groups could have a significant impact on the results of this assessment.
For more information, see the ESET Threat Report T2 2021 on WeLiveSecurity.






