ESET released its T2 2021 Threat Report on Friday, highlighting a number of concerning trends, including more invasive ransomware tactics, increased brute-force attacks, and deceptive phishing campaigns targeting people who work from home and are accustomed to performing several administrative tasks remotely.
Ransomware recorded the largest ransom demands to date, with three major detection spikes in the second quarter. The supply-chain attack, which exploited a security flaw in the Kaseya VSA IT management software, brought the operations of Colonial Pipeline – the largest US pipeline company – to a halt, sending shockwaves far beyond the cybersecurity industry. The perpetrator of the Kaseya attack reportedly demanded $70 million in ransom, the biggest known demand to date.
Ransomware gangs may have overreached this time: law enforcement intervention in these cases has caused many to leave the game. The same cannot be said for TrickBot, which has recovered from last year's turbulence, doubling in ESET's detections and adding new capabilities, according to Roman Kováč, ESET's Chief Research Officer. After the final shutdown of Emotet in April 2021, downloader detections fell by half compared with the first quarter, and the entire threat landscape was reshuffled.
Roman Kováč, Chief Research Officer at ESET, explained: “Ransomware gangs may have overdone it this time: the involvement of law enforcement in these high-impact incidents forced several gangs to leave the field. The same can’t be said for TrickBot, which appears to have bounced back from last year’s disruption efforts, doubling in our detections and boasting new features.”
Password-guessing attacks, which are frequently used as a doorway for ransomware, grew even more in T2. Between May and August 2021, ESET detected 55 million new brute-force attacks (+104 percent from T1 2021) against public-facing remote desktop protocol services. According to ESET telemetry, the average number of daily attacks per unique client doubled from 1,392 attempts per machine per day in T1 2021 to 2,756 in T2 2021.
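The RDP brute-force trend above is something defenders can watch for in their own telemetry. The following is an added example, not code from ESET or the report: a sliding-window detector over Windows Security failed-logon events (Event ID 4625, LogonType 10 = RDP), run on constructed sample records; the threshold and window values are assumptions, not figures from the report.

```python
"""Flag RDP brute-force sources in Windows Security failed-logon events (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_THRESHOLD = 20    # failures per (source, host) inside the window (assumed value)
WINDOW_SECONDS = 300   # sliding window length in seconds (assumed value)
RDP_LOGON_TYPE = 10    # LogonType 10 = RemoteInteractive, i.e. RDP


def detect_rdp_bruteforce(events, threshold=FAIL_THRESHOLD, window=WINDOW_SECONDS):
    """Return {(source_ip, host): time threshold was first crossed}.

    events: iterable of (timestamp, event_id, logon_type, source_ip, host, user).
    Only Event ID 4625 with LogonType 10 counts; other failures are ignored so that
    SMB/network logon noise (LogonType 3) does not inflate the RDP count.
    """
    recent = defaultdict(deque)      # (src, host) -> timestamps inside the window
    alerts = {}
    span = timedelta(seconds=window)
    for ts, event_id, logon_type, src, host, _user in sorted(events, key=lambda e: e[0]):
        if event_id != 4625 or logon_type != RDP_LOGON_TYPE:
            continue
        key = (src, host)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > span:  # expire timestamps older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = ts           # alert once, at the moment the threshold is crossed
    return alerts


def failed_rdp_per_host(events):
    """Count failed RDP logons per host (comparable to a per-machine daily figure)."""
    counts = defaultdict(int)
    for _ts, event_id, logon_type, _src, host, _user in events:
        if event_id == 4625 and logon_type == RDP_LOGON_TYPE:
            counts[host] += 1
    return dict(counts)


def build_sample_events():
    """Constructed telemetry: one password-spraying source, one benign user, non-RDP noise."""
    base = datetime(2021, 6, 1, 3, 0, 0)
    events = [(base + timedelta(seconds=5 * i), 4625, 10, "203.0.113.7", "HOST-A", f"user{i % 4}")
              for i in range(25)]                                   # 25 RDP failures in 2 min
    events += [(base + timedelta(minutes=20 * i), 4625, 10, "198.51.100.9", "HOST-A", "alice")
               for i in range(3)]                                   # 3 typos over an hour
    events += [(base + timedelta(seconds=i), 4625, 3, "203.0.113.8", "HOST-B", "svc")
               for i in range(40)]                                  # network logons, not RDP
    return events


if __name__ == "__main__":
    print(detect_rdp_bruteforce(build_sample_events()), failed_rdp_per_host(build_sample_events()))
```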
The T2 2021 Threat Report also includes findings on the highly targeted DevilsTongue spyware, which is used to spy on human rights defenders, dissidents, journalists, activists, and politicians, and on a new spear-phishing campaign by the Dukes APT group, which remains a major threat to Western diplomats, NGOs, and think tanks. A separate section details the latest tools used by the highly active Gamaredon threat group targeting Ukraine’s governmental organizations.