During the first four months of this year, the COVID-19 pandemic was still the number one news topic around the world; however, it became notably less prominent in the threat landscape. One could say “fortunately”, yet as you’ll see in our latest report, we are continuing to see worrying examples of cybercrooks being able to rapidly abuse trending vulnerabilities and flaws in configuration with focus on the highest ROI.
These abuses include the RDP protocol still being the number one target of brute-force attacks, increased numbers of cryptocurrency threats, and a steep increase of Android banking malware detections.
While examining these threats, our researchers also analyzed a vulnerability chain that allows an attacker to take over any reachable Exchange server. The attack has become a global crisis and our researchers identified more than 10 different threat actors or groups that likely leveraged this vulnerability chain.
Many servers around the world remained compromised, so in the United States, the FBI decided to solve this issue by using the access provided by the malicious webshells themselves as an entry point to remove the webshells, which demonstrated the US government’s commitment to disrupt hacking activity using any and all legal tools that apply, not just prosecutions.
Similarly, following a large-scale, global operation to take down the infamous Emotet botnet, law enforcement pushed a module to all infested devices, to uninstall the malware. Will this become a new trend? Will we see law enforcement adopt a more proactive approach to solving cybercrime cases in the future? We’ll keep an eye out for that.
Before you dive into our latest findings, we would like to make you aware of a slight change in the frequency of the reported data. Starting with this issue we will aim for a triannual version, meaning that each report will cover a four-month period. For easier orientation, in this report the T 1 abbreviation describes the period from January until April, T2 covers May through August, and T3 encompasses September till December.
This report also reviews the most important findings and achievements by ESET researchers, such as an ongoing series investigating Latin American banking trojans, the discovery of the Kobalos malware that attacks high performance computer clusters and other high-profile targets, Operation Spalax that targeted Colombian government organizations and private entities, a highly targeted supply‑chain attack that focused on online gaming in Asia, and a new Lazarus backdoor that was used to attack a freight logistics company in South Africa.
Additionally, this report brings several exclusive ESET research updates and new findings about the APT groups Turla and Lazarus. It also includes information about malware that steals tweaks from jailbroken iOS devices.
During the past few months, we have continued to share our knowledge at virtual cybersecurity conferences, speaking RSA and the ESET European Cybersecurity Day. For the upcoming months, we are excited to invite you to ESET’s talks and workshops at Black Hat USA and others.
Follow ESET research on Twitter for regular updates on key trends and top threats.
To learn more about how threat intelligence can enhance the cybersecurity posture of your organization, visit the ESET Threat Intelligence page.