Story image

ESET Threat Report highlights aggressive ransomware tactics and intensifying password-guessing attacks

By Shannon Williams, Fri 1 Oct 2021

ESET has released its T2 2021 Threat Report, summarising key statistics from ESET detection systems and highlighting notable examples of ESET’s cybersecurity research, including exclusive, previously unpublished updates on current threats.  

The latest issue of the ESET Threat Report highlights several concerning trends that were recorded by ESET telemetry, including increasingly aggressive ransomware tactics, intensifying brute-force attacks, and deceptive phishing campaigns targeting people working from home who have gotten used to performing many administrative tasks remotely.

Ransomware, showing three major detection spikes during T2, saw the largest ransom demands to date. The attack shutting down the operations of Colonial Pipeline – the largest pipeline company in the US – and the supply-chain attack leveraging a vulnerability in the Kaseya VSA IT management software, sent shockwaves that were felt far beyond the cybersecurity industry. Both cases appeared to pursue financial gain rather than cyberespionage, with the perpetrators of the Kaseya attack setting a USD 70 million ultimatum – the heftiest known ransom demand so far.

“Ransomware gangs may have overdone it this time: the involvement of law enforcement in these high-impact incidents forced several gangs to leave the field," says Roman Kov, chief research officer at ESET.

"The same can’t be said for TrickBot, which appears to have bounced back from last year’s disruption efforts, doubling in our detections and boasting new features,” he says. 

"On the other hand, the final shutdown of Emotet at the end of April 2021 saw downloader detections down by half compared to T1 2021 and a reshuffling of the whole threat landscape."

Password-guessing attacks, which often serve as a gateway for ransomware, saw further growth in T2. Between May and August 2021, ESET detected 55 billion new brute-force attacks (+104% compared to T1 2021) against public-facing Remote Desktop Protocol services. ESET telemetry also saw an impressive increase in the average number of daily attacks per unique client, which doubled from 1,392 attempts per machine per day in T1 2021 to 2,756 in T2 2021.

The exclusive research presented in the T2 2021 Threat Report includes findings about the highly targeted DevilsTongue spyware, which is used to spy on human rights defenders, dissidents, journalists, activists, and politicians; and a new spear phishing campaign by the Dukes APT group, which remains a prime threat to Western diplomats, NGOs, and think tanks. A separate section describes new tools employed by the highly active Gamaredon threat group targeting governmental organisations in Ukraine.

The ESET T2 2021 Threat Report also reviews the most important findings and achievements by ESET researchers: a new cross-platform APT group targeting both Windows and Linux systems; a myriad of security issues in Android stalkerware apps; and a diverse class of malware targeting IIS servers, highlighted in the Featured story section.

Recent stories
More stories