Russia focal point for ransomware attacks; 37% increase in email threats

by time news

In the first third of 2022, there was a 37% increase in email threats following the return of the Emotet malware, according to a report published by the information security company ESET. The report also states that Russia has become a significant target for ransomware attacks and other threats.

The number of RDP attacks dropped by 43%, the first decline since the beginning of 2020, alongside drops in the number of SQL (64%) and SMB (26%) attack attempts.

Prior to the invasion of Ukraine, Russia was not on the list of targets for ransomware attacks, apparently because the cybercriminals reside there or fear retaliation. In the first third of 2022, Russia faced the largest share, at 12% of ransomware detections.

The war has led to a significant increase in the number of phishing attacks and scams designed to exploit people trying to support Ukraine. The growth was detected immediately around the start of the invasion.

In March and April 2022, Emotet operators shifted into high gear and launched large-scale spam campaigns that included malware-laden Word files, leading to a 113-fold increase in the number of malware detections in the first quarter of 2022.

Emotet’s campaigns are counted in the Email Threats category, where 37% growth was observed in the first quarter of 2022.

The information security company ESET has published its threat report for the first third of 2022, which compiles key statistics from the company’s detection systems. The latest edition of the threat report covers the various cyber attacks related to the ongoing war in Ukraine that ESET researchers investigated or tried to thwart. Among them is the resurgence of the infamous Industroyer malware, which tried to damage high-voltage electrical relay stations.

ESET telemetry data suggest changes in the world of cyber security that may be related to the situation in Ukraine. Roman Kovacs, the company’s vice president of research, explains why the report focuses mainly on the cyber threats associated with this war: “A number of conflicts are currently taking place in the world, but for us this conflict is different from others. On the other side of Slovakia’s eastern borders, home to ESET and some of its offices, the Ukrainians are fighting for their lives and independence.”

Shortly before the Russian invasion, ESET identified a significant drop in the number of RDP attacks. This decline comes after two years of steady increase, and as explained in parts of the latest report, the change in trend may be related to the war in Ukraine. However, even with this fall, almost 60% of the RDP attacks observed in the first third of 2022 came from Russia.

Another side effect of the war

Whereas in the past ransomware generally avoided targets located within Russia, in the first third of 2022 Russia became the country experiencing the largest number of attacks, according to ESET telemetry data. ESET’s researchers even identified screen-locking malware using the Ukrainian national slogan “Slava Ukraini!” (Glory to Ukraine!). Since the Russian invasion of Ukraine, there has been an increase in the amount of amateur ransomware and wiper malware. Their creators often express support for one of the warring parties and present the attacks as personal revenge.

As expected, both spam and phishing threats took advantage of the war. Immediately after the February 24 invasion, cybercriminals began exploiting the people trying to support Ukraine, through the use of fake fundraising campaigns. That same day, ESET blocked an unusually high number of spam messages.

Beyond the Russia-Ukraine war, ESET has identified many other threats: “We can confirm that Emotet – the infamous malware spread mainly through spam – has returned after the attempts to thwart it last year, and reappeared in our telemetry,” Kovacs explains. Emotet operators have been running spam campaigns continuously, and the number of malware detections has increased more than 100-fold.

ESET’s threat report for the first quarter of 2022 also reviews some of the most important research findings. ESET researchers disclosed kernel driver vulnerabilities; severe UEFI vulnerabilities; cryptocurrency malware targeting Android and iOS devices; a campaign distributing the DazzleSpy malware for Macs, not yet attributed to an attack group; and campaigns by Mustang Panda, Donot Team, Winnti Group and the APT group known as TA410.

In addition, the report includes an overview of the talks delivered by ESET researchers in the first trimester of 2022, and previews the talks scheduled for the RSA and REcon conferences in June 2022, which present the ESET research team’s findings on Wslink and ESPecter. A talk is also planned for the Virus Bulletin Conference in September 2022.
