ESET’s report shows how war is changing the threat landscape in general. […]
The European security vendor ESET has published its current “T1 2022 Threat Report”. In it, the specialists summarize the most important statistics from ESET's detection systems and highlight notable examples from cybersecurity research. The latest issue of the ESET Threat Report covers various cyberattacks related to the Russian invasion of Ukraine that ESET researchers detected or were able to repel. This includes the comeback of the notorious malware Industroyer, which was intended to paralyze substations in Ukraine.
Cyberwar in Ukraine is changing the threat landscape
ESET telemetry also recorded further changes in cyber threats that may be related to the situation in Ukraine. Roman Kováč, Chief Research Officer at ESET, explains why this report mainly focuses on cyber threats related to the war: “There are several conflicts raging in different parts of the world, but this one is different for us. Right on the eastern border of Slovakia, where ESET has its headquarters and several offices, Ukrainians are fighting for their lives and sovereignty.”
For the first time in more than two years, attack attempts against RDP connections fell sharply, by almost half. Even with this decline, almost 60 percent of the RDP attacks recorded in the first quarter of 2022 originated from Russia.
Attacks on databases (SQL injection) also decreased by 64 percent, and attacks on the SMB protocol by more than a quarter.
The ESET researchers see two possible reasons for the decline: the end of remote work at companies after many coronavirus restrictions were lifted, and improved IT security measures.
Ransomware and fraud campaigns are gaining momentum
Before the invasion, Russia was not on the target list of ransomware attacks. Since the invasion of Ukraine, it has been the most attacked country. In the first quarter, ESET researchers detected the most ransomware attacks in Russia, at 12 percent, including lockscreen variants with a Ukrainian national greeting.
During this period, the amount of amateur ransomware and wiper software has also increased. Their authors often display their political views and turn the attacks into a personal vendetta. This trend is expected to continue or even intensify in the coming months.
Fraudsters are also taking advantage of the war in Ukraine, and phishing and fraud campaigns are on the rise. Immediately after the 24th of February, appeals from purported charities and fictitious fundraisers claiming to support Ukrainians appeared.
ESET telemetry has also detected many other threats that are not related to the Ukraine war. “Emotet, the notorious and already presumed dead malware, which was mainly spread via spam emails, has reappeared and shot through the roof in our detection systems,” explains Kováč.
In March and April 2022, the Emotet operators launched massive spam campaigns using Microsoft Word documents, and the number of malware detections increased more than a hundredfold. However, according to Microsoft, this could soon be over, since the tech giant has disabled by default the macros in Office programs that the attackers abuse.
ESET Threat Report Reveals More Vulnerabilities and Malware Trends
The new Threat Report provides an overview of the most important research findings on further security vulnerabilities and malware developments. These include, for example, the abuse of kernel driver vulnerabilities, highly dangerous UEFI vulnerabilities, cryptocurrency malware targeting Android and iOS devices, an as-yet unattributed campaign using the DazzleSpy macOS malware, as well as the campaigns of Mustang Panda, Donot Team, Winnti Group and the TA410 APT group.
The report also includes an overview of various talks given by ESET researchers in the first quarter of the year. In addition, it previews the contributions to the RSA and REcon conferences in June 2022, at which the researchers will present findings on the discoveries of Wslink and ESPecter. The ESET research team will also publish further results at the Virus Bulletin Conference in September 2022.