ESET on Friday released its T2 2021 Threat Report (ESET's T2 covers May to August 2021), which highlighted several troubling trends: increasingly aggressive ransomware tactics, intensifying brute-force attacks, and deceptive phishing campaigns targeting people working from home who have grown used to handling many administrative tasks remotely.
Ransomware, which produced three major detection spikes during T2, also saw the highest ransom demands to date. The attack that shut down the operations of Colonial Pipeline, the largest fuel pipeline operator in the US, and the supply-chain attack that exploited a vulnerability in the Kaseya VSA IT management software sent shockwaves far beyond the cybersecurity industry. The group behind the Kaseya attack demanded $70 million, the highest known ransom demand so far.
The end of April 2021 saw the final shutdown of Emotet, after which downloader detections fell by half compared with T1 2021 and the rest of the threat landscape reshuffled around the gap it left.
“Ransomware gangs may have overdone it this time: the involvement of law enforcement in these high-impact incidents forced several gangs to leave the field. The same can’t be said for TrickBot, which appears to have bounced back from last year’s disruption efforts, doubling in our detections and boasting new features,” explains Roman Kováč, chief research officer at ESET.
Password-guessing attacks, which often serve as the gateway for ransomware, grew further in T2. ESET detected 55 billion new brute-force attacks (+104% compared with T1 2021) against public-facing Remote Desktop Protocol (RDP) services between May and August 2021. ESET telemetry also recorded a sharp rise in the average number of daily attacks per unique client, which doubled from 1,392 attempts per machine per day in T1 2021 to 2,756 in T2 2021.
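The RDP figures above are telemetry counts, not detection logic. As an added example (not code from ESET or from the report), the following Python sketches the check a defender would run over a host's own logs: it parses constructed Windows Security event 4625 (failed logon) lines, keeps only LogonType 10 (RemoteInteractive, i.e. RDP), flags any source IP that produces 20 or more failures inside a 60-second sliding window, and reports the observed failures per day for comparison with the report's per-client daily average. The flattened one-line log format, the threshold and the window length are assumptions; real 4625 events live in EVTX/XML and would need a different parser.

```python
"""Sliding-window detector for RDP password guessing, fed by constructed 4625-style lines.

Added example; not part of the ESET T2 2021 report. The line format, the
20-failures-per-60-seconds threshold and the sample data are all assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed flattened shape of a Windows Security event; real 4625 events are EVTX/XML.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"TargetUser=(?P<user>\S+) SourceIP=(?P<ip>\S+)$"
)
FAILED_LOGON = "4625"       # "An account failed to log on"
RDP_LOGON_TYPE = "10"       # RemoteInteractive (RDP); type 3 is network, type 2 interactive


def parse(lines):
    """Yield (timestamp, source_ip, target_user) for failed RDP logons only."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["eid"] != FAILED_LOGON or m["lt"] != RDP_LOGON_TYPE:
            continue  # malformed, not a failure, or not RDP: ignore
        yield datetime.fromisoformat(m["ts"]), m["ip"], m["user"]


def detect_bruteforce(lines, threshold=20, window=timedelta(seconds=60)):
    """Flag each source IP the first time it reaches `threshold` failed RDP logons
    within any `window`-long span. Returns {ip: {"first_alert": ts, "failures_in_window": n}}."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    flagged = {}
    for ts, ip, _user in sorted(parse(lines)):
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures that aged out of the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = {"first_alert": ts, "failures_in_window": len(q)}
    return flagged


def failures_per_day(lines):
    """Failed RDP logons per day over the observed span (span shorter than a day counts as one)."""
    events = sorted(parse(lines))
    if not events:
        return 0.0
    span_days = (events[-1][0] - events[0][0]).total_seconds() / 86400
    return len(events) / max(span_days, 1.0)


def build_sample():
    """Constructed log: a 25-attempt burst from 10.0.0.5 (one every 2 s), two stray
    failures from 10.0.0.9 nine minutes apart, and one non-RDP (LogonType=3) failure
    from 10.0.0.7 that the detector must ignore."""
    base = datetime(2021, 6, 1, 8, 0, 0)
    fmt = "{ts} EventID=4625 LogonType={lt} TargetUser={user} SourceIP={ip}"
    lines = [fmt.format(ts=(base + timedelta(seconds=2 * i)).isoformat(), lt=10,
                        user="admin", ip="10.0.0.5") for i in range(25)]
    lines.append(fmt.format(ts=(base + timedelta(minutes=1)).isoformat(), lt=10,
                            user="alice", ip="10.0.0.9"))
    lines.append(fmt.format(ts=(base + timedelta(minutes=9)).isoformat(), lt=10,
                            user="alice", ip="10.0.0.9"))
    lines.append(fmt.format(ts=(base + timedelta(minutes=5)).isoformat(), lt=3,
                            user="svc", ip="10.0.0.7"))
    return lines


if __name__ == "__main__":
    sample = build_sample()
    for ip, info in detect_bruteforce(sample).items():
        print(f"ALERT {ip}: {info['failures_in_window']} failed RDP logons by {info['first_alert']}")
    print(f"{failures_per_day(sample):.0f} failed RDP logons/day observed on this host")
```

On the constructed sample only 10.0.0.5 is flagged, at the 20th failure (08:00:38); the two typos from 10.0.0.9 and the non-RDP failure never reach the threshold. At the report's T2 average of 2,756 attempts per machine per day, a window this short trips many times an hour, which is why the detector alerts once per source rather than per failure.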
Exclusive research presented in the T2 2021 Threat Report includes findings on the highly targeted DevilsTongue spyware, used to spy on human rights defenders, dissidents, journalists, activists and politicians, and on a new spear-phishing campaign by the Dukes APT group, which remains a prime threat to Western diplomats, NGOs and think tanks. A separate section describes new tools employed by the highly active Gamaredon threat group, which targets governmental organizations in Ukraine.