The danger of 2021 in terms of attempts to hack devices
Poland ranked fifth in terms of attempts to crack passwords to remote computers, according to the ESET Threat Report T3 2021 (September-December). The latest version of the report identifies the most common external attack vectors and explains the reasons for the increase in email threats and changes in the prevalence of certain types of threats.
As the ESET report notes, the past two years have seen an increase in attacks on the RDP service, including brute-force password guessing against victims' accounts. In 2021, the number of attacks of this type reached 288 billion, which is almost a 900% increase compared to 2020.
“The upward trend in 2020 is due, inter alia, to the situation related to the pandemic and the need to introduce remote work. The trend of this type of attack in the past year is even more worrying,” comments Beniamin Szczepankiewicz, Senior Specialist in Cyber Security at ESET.
According to ESET, the countries with the most brute-force attacks against RDP last year were Spain (51 billion), Italy (25 billion), France (21 billion), Germany (19 billion) and Poland (18 billion). Although the number of targets for these attacks is gradually decreasing, ESET security experts say cybercriminals should not be expected to lose interest in attacking this service.
Weaknesses in Microsoft Exchange
Among the other more serious incidents of the past year, the ESET report mentions attacks on Microsoft Exchange servers. A vulnerability in the system was exploited by at least ten different APT groups. The series of vulnerabilities behind this attack has been named ProxyLogon, and it turned out to be the second most common external attack vector. Although Microsoft corrected the errors in April 2021, Exchange servers were attacked again in August. ProxyLogon's successor, ProxyShell, has been used by many cybercriminal groups around the world.
Vulnerability in Log4j
In December 2021, ESET detected hundreds of thousands of attempts to exploit Log4j, targeting primarily customers in the US (37%), the UK (12%) and the Netherlands (8%). Although the attacks occurred only in the final weeks of the year, this vector was the fifth most used method of network attack throughout 2021. The Log4j vulnerability scored the maximum of 10 on the CVSS (Common Vulnerability Scoring System) scale.
Ransomware is still hot
In 2021, there were ransomware attacks on critical infrastructure with high ransom demands. While the actions of law enforcement agencies have in some cases succeeded in disrupting the activities of cybercriminals, forcing several groups to refrain from attacks, researchers note at the same time that some criminal groups have become more daring in formulating their demands. The best example of this is the ransomware family called Hive, used to attack, among others, MediaMarkt, which was facing a ransom demand of $240 million.
Android in the spotlight
The report also notes an increase in Android banking malware, whose number rose by 428% compared to 2020. The largest number of threats in recent months was recorded by ESET telemetry systems in Mexico, Ukraine, Russia, Brazil and Turkey.
The positive news is that in the last four months of 2021, the number of detected threats to Android mobile devices decreased: clickers (-48.4%), SMS Trojans (-29.6%), cryptominers (-25.4%), adware (-9.9%) and, surprisingly, also banking malware (-20.6%).
Phishing is still dangerous
Attacks targeting email inboxes, detections of which doubled over the year, also caught the attention of ESET researchers. This trend was driven mainly by the increase in the number of phishing emails. However, the brands that criminals are most likely to impersonate are changing. As Beniamin Szczepankiewicz points out, compared to the results of the previous version of the report, there was a 48% decrease in the number of emails impersonating Microsoft. The opposite was the case for phishing emails impersonating DHL and WeTransfer, which grew significantly, by 145% and 156%, respectively.
Emails impersonating DHL were particularly common in October, with most of the incidents discovered in Japan, Turkey and Hong Kong.
New threats
In the last months of 2021, ESET researchers discovered many new threats in cyberspace. They include, among others, FontOnLake, a new family of malware targeting Linux machines; a previously undocumented UEFI bootkit called ESPecter; and FamousSparrow, a cyber-espionage group targeting hotel chains, governments and private companies around the world. The ESET Threat Report T3 2021 also summarizes a comprehensive series of analyses of banking Trojans in Latin America and includes previously unpublished information on the operations of APT groups. In the report, the researchers provide updated information on the activities of the OilRig cyber-espionage group, the latest information about the use of ProxyShell in actual attacks, and new details on phishing campaigns run by the cyber-espionage group The Dukes.
You can also hear about ransomware attacks, corporate data protection, and ways to defend against the consequences of cyberattacks on the Computerworld Tech Trends podcast.