ESET Threat Report T2 / 2021: Aggressive Ransomware Tactics


ESET Threat Report T2 / 2021: Aggressive ransomware tactics and password theft threaten Internet users. Increased spying on activists and journalists through DevilsTongue.

The IT security vendor ESET has published its second "Threat Report 2021" (T2 / 2021), which summarizes the security threat situation from May to August 2021. The ESET researchers identified worrying trends: increasingly aggressive ransomware tactics, a growing number of brute force attacks, and targeted advanced persistent threats (APT) that attack human rights activists, journalists and politicians, among others. The entire report can be downloaded free of charge from www.welivesecurity.de.

Ransomware remains extremely dangerous

Ransomware TopTen: ESET has published its second "Threat Report 2021" (T2 / 2021) (Image: ESET).

The trend in ransomware is increasingly “faster, more professional, more expensive”. Several ransom records have tumbled in the past four months. The attack on the largest pipeline company in the USA, Colonial Pipeline, and the attack exploiting a vulnerability in the IT management software Kaseya VSA triggered shock waves that were felt far beyond the cybersecurity industry. Both cases appeared to be about financial gain rather than cyber espionage. For example, criminals demanded a $70 million ransom from Kaseya. This sum was a sad record.

But Roman Kováč, Chief Research Officer at ESET, sees a small glimmer of hope on the horizon: “Ransomware gangs may have overdone it this time: The involvement of the law enforcement authorities in the serious incidents forced several groups of perpetrators to leave the field. In addition, the final shutdown of Emotet at the end of April 2021 meant that the detections of so-called loaders were halved compared to the period January-April 2021.” On the other hand, TrickBot seems to have recovered from last year's disruptions. The ESET researchers recorded a doubling of the detections as well as new functions.

Passwords as a stepping stone for ransomware

Password theft and password spying continue to boom. Stolen credentials serve as a tried and tested tool for staging ransomware attacks. Publicly accessible Remote Desktop Protocol (RDP) services are a particular focus of criminals: Between May and August 2021, ESET detected 55 billion new brute force attacks (+104% compared to T1 2021) against this digital lifeline between home computers and networks. ESET telemetry also saw an impressive increase in the average number of daily attacks per individual client. This doubled from 1,392 attempts per computer per day in T1 2021 to 2,756 in T2 2021.

Highly active Advanced Persistent Threats (APT)

The ESET experts rate the spyware DevilsTongue as very worrying. Hackers use it to target human rights activists, dissidents, journalists, activists and politicians. These groups of people are spied on as extensively as possible, and the information obtained may be used against them.

The current spear phishing campaign by the APT group Dukes points in the same direction. It continues to be a major threat to Western diplomats, non-governmental organizations and think tanks. The hacker group Gamaredon is also making a name for itself again because it targets government organizations in Ukraine.

Further analyses and international presentations

ESET Threat Report T2 / 2021 also provides an overview of a new cross-platform APT group targeting both Windows and Linux systems, a variety of security issues in Android stalkerware apps, and a family of malware targeting IIS servers.

Finally, the report includes several presentations that ESET researchers and experts have given over the past few months or prepared for the upcoming Virus Bulletin, AVAR, SecTor and many other conferences. It also provides a general outlook on ESET's participation in the MITRE Engenuity ATT&CK evaluation, which will focus on the tactics, techniques and procedures of the APT groups Wizard Spider and Sandworm.

More at ESET.com

 


About ESET

ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.


 
