RDP attacks (-43%) fall, followed by attack attempts against SQL (-64%) and SMB (-26%); Russia has undergone the largest share of surveys (12%) in the ransomware category; Emotet has released Spam campaigns using modified Microsoft Word documents, with an increase of 113 times of the surveys, with an increase of 37% in the category of e-mail threats.
ESET, global leader in the cybersecurity market, published the Threat Report T1 2022, which summarizes the tendencies observed by its detection systems and highlights the progress in ESET research on cybersecurity, including exclusive and unpublished updates on the most common threats. The latest edition of the Eset Threat Report reports i Various cyberattacchi Tied to the current war in Ukraine that ESET researchers analyzed or contributed to mitigate. Among these, the reappearance of the Fazed Malware Industroyer, who attempted to hit high voltage electrical subsits
The ESET telemetry also recorded other changes in the context of computer threats that could have a connection with the situation in Ukraine. Roman Kováč, Chief Research Officer di ESET, clarifies the reason why this report is thus focused on the computer threats related to the conflict: "We feel strongly involved by what happens right beyond the eastern boundaries of Slovakia, where ESET has its headquarters and different offices, and where the Ukrainians are fighting for their lives and their sovereignty".
Shortly before the Russian invasion, the ESET telemetry recorded a strong decline in the attacks on the remote Desktop Protocol (RDP) after two years of constant growth and, as explained in the Exploits section of the last Threat Report of ESET, this turning point could be linked to the war in Ukraine. But despite this decrease, almost 60% of the incoming RDP attacks seen in T1 2022 originated in Russia.
Another side effect of the conflict: while in the past the Ransomware threats tended to avoid the objectives located in Russia, in this period, always according to ESET telemetry, Russia has been the most targeted country. ESET researchers have even detected variants of lock screen containing the Ukrainian national greeting "Slava Ukraini!". (Gloria to Ukraine!). After the Russian invasion there was an increase in the number of ransomware and amateur wiper whose authors often declare support to one of the struggle parts and define attacks as a personal revenge.
It is not surprising that the war was also used for spam and phishing threats. Immediately after the invasion of February 24, computer criminals began to take advantage of the people who tried to support Ukraine, using as bait Charity and fictitious funds rates. That day, the ESET telemetry highlighted a strong peak of spam detections.
Telemetry has also detected many other threats not related to the conflict between Russia and Ukraine. "We can confirm that Emotet, the notorious malware spread mainly by spam e-mail, has returned after the attempts to remove last year and is growing again in our telemetry," explains Kováč. Emotet operators have launched several spam campaigns in T1, with a growth in surveys over a hundred times. However, as the Threat Report observes, the campaigns based on harmful macros could have been the latest, given the recent Microsoft move to disable the macro from the Internet by default in the Office programs. Following this change, EmoTet operators began to test other impairment vectors on much smaller victims of victims.
The Threat Report T1 2022 reviews also the most important results obtained by ESET specialists: among these, The abuse of the vulnerabilities of the kernel drivers; UEFI vulnerability at high risk; the cryptocurrency malware that It affects Android and iOS devices; a campaign not yet attributed that distributes the Macos Dazzlespy malware; and the campaigns of Mustang Panda, Donot Team, Winnti Group and the APT TA410 group.
The report also contains an overview of the numerous interventions held by ESET researchers in T1 2022 and anticipates their participation in the RSA and Recon conferences in June 2022, where the discoveries of Wslink and Especter will be illustrated by ESET Research, which will follow an intervention at the Virus Bulletin conference in September 2022.
For more information, consult the T1 2022 ESET REPORT on WeLiveSecurity.
