ESET Threat Report: MS Exchange Vulnerability is Cybercrime Driver. European IT security manufacturer continues to register a high level of attacks on home office workstations and cryptocurrencies.
What are the current security threats to home and business? What are the current activities of the hacker groups? The ESET Threat Report regularly provides answers to these and other questions. The main topic of the latest report is the latest discoveries made by ESET researchers about the vulnerability affecting Microsoft Exchange Server. The COVID-2021 pandemic as a topic of large-scale cybercrime campaigns subsided in the first four months of 19. There are also exclusive updates on the hacker groups Lazarus and Turla.
RDP attacks ahead
In the first four months of 2021, the COVID-19 pandemic was still the top topic in the news, but it was noticeably less prominent as a driver of cybercrime campaigns. "Fortunately, one could say, but unfortunately these have been superseded by other dangerous attacks by cybercriminals who exploit vulnerabilities and misconfigurations," says Roman Kováč, Chief Research Officer at ESET. These include continued abuse of the Remote Desktop Protocol (RDP), which remains the primary target of brute force attacks, an increasing number of cryptocurrency threats, and a steep rise in Android banking malware.
More than ten groups of hackers exploit vulnerabilities in Exchange
The Microsoft Exchange vulnerability has turned into a global crisis. Around 60.000 companies were affected. The vulnerability enables attackers to take over any accessible server. Overall, the ESET researchers identified more than ten different groups of hackers who are actively exploiting this vulnerability, in some cases even before the security updates were released.
Update on Turla and Lazarus
Advanced Persistent Threat (APT) groups aim to infiltrate a network and remain undetected there for as long as possible. The Lazarus group is currently active with a new malware campaign targeting job seekers. Turla noticed a backdoor that they smuggled into a foreign ministry in an Eastern European country. The hackers used OneDrive as the command & control server.
Via the ESET Threat Report
The ESET Threat Report is now published three times a year, each covering a period of four months. The current report for the first quarter covers the months from January to April 2021.
More at ESET.com
About ESET ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.