ESET publishes its threat report for the third quarter of 2021 and assesses the IT security situation. Emotet is back. Attacks on Microsoft Exchange servers are one of the most used attack vectors in 2021.
In the current report, the security experts of the European IT security manufacturer examine the most common attack vectors of the past twelve months, the reason for the increase in email threats and the rapidly increasing attacks on home offices. Microsoft Exchange servers were among the top targets for hackers throughout the year.
Exchange, Log4j, Log4Shell, RDP attacks
Of course, the Log4Shell vulnerability is also a central topic of the report. Although the vulnerability only became known in mid-December, attacks on it were still one of the top attack vectors in 2021. With 19 billion RDP attack attempts in Germany, Austria and Switzerland alone, home office workers were clearly targeted by online criminals in 2021. The last Threat Report of 2021 also includes assessments of the general eCrime trends observed over the course of the year. One of the highlights are the exclusive results on the activities of APT groups such as OilRig or Dukes.
Log4j / Log4Shell - CVS 10 points
“Rating a 4 point in the Common Vulnerability Scoring System, the Log10Shell vulnerability put countless servers at risk of full takeover – so it was no surprise that cybercriminals immediately took advantage of it. Despite only emerging in the last three weeks of the year, Log4j attacks were the fifth most common external attack vector in our statistics for 2021, showing how quickly threat actors are exploiting emerging critical vulnerabilities,” said Roman Kováč, Chief Research Officer at ESET .
RDP attacks nearly quadrupled in 2021
The ESET security experts recorded over 19 billion attacks on the RDP protocol in 2021 in Germany, Austria and Switzerland alone. That's around 52 million attacks on average per day. In 2020 there were over 5,2 billion attacks. It is puzzling that the numbers have continued to rise, despite the fact that 2021 was no longer marked by the chaos of newly imposed lockdowns and rushed shifts to remote working. This attack method has proven to be extremely lucrative and effective for criminals to get into corporate networks as well.
Microsoft Exchange under constant attack
The ESET Threat Report T3 /21 shows the trends (Image: ESET).
The ProxyLogon vulnerability was the second most common external attack vector in 2021 according to ESET telemetry. Microsoft Exchange servers were attacked again in August 2021. A successor variant of ProxyLogon called ProxyShell was used here. This vulnerability was immediately exploited by several APT groups and other actors. The targets were scattered all over the world.
The king is dead, long live the king
At the end of the year, the Emotet malware reappeared on the scene. Earlier this year there were reports that several authorities had switched off the network behind it. However, since around November, several systems infected with the Trickbot malware have started installing new variants of Emotet. In the past it was exactly the other way around. ESET experts suspect that the criminals are using TrickBot's infrastructure to revive the botnet.
More at ESET.com
About ESET ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.