Report: GandCrab is the most active ransomware in DA-CH


In its Threat Report, ESET regularly publishes results from its own detection systems and notable incidents from the European IT security vendor's cybersecurity research. A key finding for the second quarter of 2022: GandCrab is the most active ransomware in DA-CH.

The latest edition, for the second quarter of 2022, covers the period from May to August. While the GandCrab ransomware plays a rather small role globally, the encryption Trojan dominates ESET's detection statistics in Germany, Austria and Switzerland. Almost one in four ransomware detections can be traced back to GandCrab. Another notable change is that politically motivated ransomware is on the decline.

Emotet is also increasingly making a comeback

Those presumed dead live longer: Emotet is increasingly active in Japan and Italy. RDP (Remote Desktop Protocol) attacks also continued to decline throughout the year, down approximately 89 percent compared to the first tertial (January through April). Phishing emails with supposed shipping confirmations from well-known delivery services such as DHL are currently particularly widespread. These and other findings can be found in the current ESET Threat Report on WeLiveSecurity.

According to ESET analysts, the sharp drop in RDP attacks is due to the war between Russia and Ukraine, the return to offices and overall improved security measures in the corporate environment. Despite the declining numbers, Russian IP addresses continued to be responsible for the majority of RDP attacks. “In T1 2022, Russia was also the country hardest hit by ransomware, with some of the attacks being politically or ideologically motivated by the war. However, the ESET Threat Report T2 2022 shows that this hacktivism wave receded from May to August and ransomware operators turned their attention to the United States, China and Israel,” explains Roman Kováč, Chief Research Officer at ESET.

GandCrab dominates detections in the DACH region

AgentTesla tops the list of info-stealers (Image: ESET).

Only 2.5 percent of detections worldwide are attributable to the encryption Trojan GandCrab. In Germany, Austria and Switzerland, however, the ransomware is involved in almost every fourth detection (22.5 percent). Overall, it is the technically advanced actors in particular who are moving away from the mass-distribution model. Hackers are increasingly focusing on targeted attacks and ransomware-as-a-service schemes. Also, there are many encryption “test” projects on GitHub that can easily be reused as part of new ransomware.

Phishing: Increase in malicious shipping confirmations

The Threat Report also addresses threats that mainly affect home users. ESET's phishing feeds show a sixfold increase in phishing emails, most of which use fake DHL and USPS requests to check delivery addresses and supposed shipping confirmations as lures. Alongside these findings, the report also summarizes the many presentations ESET researchers have given over the past few months.


 


About ESET

ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.


 
