Further decrease in RDP attack attempts (-89%); decline in politically motivated ransomware; Emotet continued to be active; sixfold increase in shipping-themed phishing URLs; the well-known web skimmer Magecart accounted for three-quarters of all banking malware detections; despite the decline in threats to cryptocurrencies and the price of bitcoin, the Cryptostealer category has grown by almost 50%.
ESET, global leader in the cybersecurity market, has published the Threat Report T2 2022, which summarizes trends observed by its detection systems and highlights advances in ESET cybersecurity research. The latest edition of the ESET Threat Report (which covers the period from May to August 2022) sheds light on how ideological ransomware has changed, on Emotet's activity, on the most used phishing baits, on how the collapse in cryptocurrency exchange rates has affected online threats and on the continued sharp decline in attacks via Remote Desktop Protocol (RDP). ESET analysts attribute the decrease in these attacks to the conflict between Russia and Ukraine, as well as the return to in-person work in offices after the pandemic and the general improvement in the security of corporate environments.
Even though the numbers have been declining, Russian IP addresses have continued to be responsible for the majority of RDP attacks. "In Q1 2022, Russia was the country most targeted by ransomware, with attacks driven by political or ideological reasons related to the conflict. The new Report shows that this wave of hacktivism decreased in Q2 and that ransomware operators have turned their attention to the United States, China and Israel," explains Roman Kováč, Chief Research Officer at ESET.
According to ESET telemetry, August was a month of rest for the operators of Emotet, the most active downloader group. Its authors also had to adapt to Microsoft's decision to disable VBA macros in documents coming from the Internet and focused on campaigns based on weaponized Microsoft Office files and LNK files.
The report also examines threats that primarily affect home users. ESET's phishing feeds have shown a six-fold increase in shipping-themed phishing baits, which in most cases present victims with fake shipping address verification requests from DHL and USPS.
"When it comes to threats that directly target virtual and physical currencies, a web skimmer known as Magecart remains the main threat to the security of online shoppers' credit card data. We have also seen a doubling of cryptocurrency-themed phishing baits and an increase in the number of cryptostealers," explains Kováč.
The Threat Report T2 2022 also reviews the most important findings and results obtained by ESET specialists. These include the discovery of a previously unknown macOS backdoor later attributed to ScarCruft, of an updated version of the Sandworm APT group's ArguePatch malware loader, and of a Lazarus payload in trojanized apps. The researchers also analyzed an instance of the Lazarus Operation In(ter)ception campaign that targeted macOS devices during spearphishing in crypto-waters. ESET researchers also discovered buffer overflow vulnerabilities in Lenovo's UEFI firmware and a new campaign using a fake Salesforce update as bait.
The report also contains an overview of the numerous talks given by ESET researchers in recent months and previews their participation in AVAR, Ekoparty and many other events.
For more information, see the ESET Threat Report T2 2022 on WeLiveSecurity.






