A view of the T1 2021 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
During the first four months of this year, the COVID-19 pandemic was still the main news topic around the world; however, it became notably less prominent in the threat landscape. One could say "fortunately", yet as you'll see in our latest report, we are continuing to see worrying examples of cybercrooks being able to rapidly abuse trending vulnerabilities and configuration flaws with a focus on the highest ROI.
These abuses include the RDP protocol still being the main target of brute-force attacks, increased numbers of cryptocurrency threats, and a steep increase in Android banking malware detections.
While analyzing these threats, our researchers also analyzed a vulnerability chain that allows an attacker to take over any reachable Exchange server. The attack has become a global crisis, and our researchers identified more than 10 different threat actors or groups that likely leveraged this vulnerability chain.
Many servers around the world stayed compromised, so in the US, the FBI decided to solve this issue by using the access provided by the malicious webshells themselves as an entry point to remove the webshells, which demonstrated the US government's commitment to disrupting hacking activity using any and all legal tools that apply, not just prosecutions.
Similarly, following a large-scale, global operation to take down the infamous Emotet botnet, law enforcement pushed a module to all infected devices to uninstall the malware. Will this become a new trend? Will we see law enforcement adopt a more proactive approach to solving cybercrime cases in the future? We'll keep an eye out for that.
Before you dive into our latest findings, we would like to make you aware of a slight change in the frequency of the reported data. Starting with this issue, we will aim for a triannual model, meaning that each report will cover a four-month period. For easier orientation, in this report the T1 abbreviation describes the period from January until April, T2 covers May through August, and T3 encompasses September until December.
This report also reviews the most important findings and achievements by ESET researchers, such as an ongoing series investigating Latin American banking trojans, the discovery of the Kobalos malware that attacks high-performance computer clusters and other high-profile targets, Operation Spalax that targeted Colombian government organizations and private entities, a highly targeted supply-chain attack that focused on online gaming in Asia, and a new Lazarus backdoor that was used to attack a freight logistics company in South Africa.
Moreover, this report brings several exclusive ESET research updates and new findings about the APT groups Turla and Lazarus. It also includes information about malware that steals tweaks from jailbroken iOS devices.
During the past few months, we have continued to share our knowledge at virtual cybersecurity conferences, speaking at RSA and the ESET European Cybersecurity Day. For the upcoming months, we are excited to invite you to ESET's talks and workshops at Black Hat USA and others.
Follow ESET research on Twitter for regular updates on key trends and top threats.
To learn more about how threat intelligence can enhance the cybersecurity posture of your organization, visit the ESET Threat Intelligence page.