A view of the T2 2021 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
Despite threats seemingly looming around every corner (I’m looking at you, Delta), the past four months were the time of summer vacations for many of us located in the northern hemisphere, providing a much-needed break after the tough start of the year.
I wish the same could be said for the realm of cyberthreats, but as you’ll learn in the following pages, we’ve seen several concerning trends instead: increasingly aggressive ransomware tactics, intensifying brute-force attacks, and deceptive phishing campaigns targeting people working from home.
Indeed, the ransomware scene officially became too busy to keep track of in T2 2021, yet some incidents were impossible to miss. The attack shutting down the operations of Colonial Pipeline – the largest pipeline company in the US – and the supply-chain attack leveraging a vulnerability in the Kaseya IT management software sent shockwaves that were felt not only in the cybersecurity industry.
Unlike the SolarWinds hack, the Kaseya attack appeared to pursue financial gain rather than cyberespionage, with the perpetrators setting a US$70 million ultimatum – the heftiest known ransom demand to date.
However, ransomware gangs may have overdone it this time: the involvement of law enforcement in these high-impact incidents forced several gangs to leave the field. The same can’t be said for TrickBot, which appears to have bounced back from last year’s disruption efforts, doubling in our detections and boasting new features. Emotet, on the other hand, following a final shutdown at the end of April, disappeared from the scene, reshuffling the whole threat landscape.
But that’s just a part of the developments seen in our telemetry – I invite you to read the Statistics & Trends section of this report to see the full picture.
The past four months have been fruitful in terms of research, too. Our researchers uncovered – among others – a diverse class of malware targeting IIS servers; a new cross-platform APT group targeting both Windows and Linux systems; and a myriad of security issues in Android stalkerware apps.
They also took a closer look at the activities of the Gamaredon group, the Dukes, and the highly targeted DevilsTongue spyware, with the latter findings presented exclusively in this report.
With their deep dive into IIS malware and stalkerware, ESET researchers made it to Black Hat USA and the RSA Conference – you can find wrap-ups of their talks in the final chapter of this report. For the upcoming months, we’re happy to invite you to ESET talks at Virus Bulletin, AVAR, SecTor, and many others.