Surge in Android banking malware and RDP attacks - ESET
A new report from cybersecurity firm ESET has revealed rapid abuse of trending vulnerabilities and configuration flaws by cyber crooks.
The T1 2021 Threat Report found 59.6% increase in Remote Desktop Protocol (RDP) attack attempts globally in T1 2021 vs T3 2020, while Android banking malware increased by 158.7% for the same period. Cryptocurrency threats increased by 18.6%.
The report, summarises key statistics from ESET detection systems and highlighting notable examples of ESETs cybersecurity research, including exclusive, previously unpublished updates on current threats.
ESET Research aims to have a tri-annual publication, meaning that each report will cover a four-month period. The T1 abbreviation describes the period from January to April, T2 from May to August, and T3 from September to December.
"During the first four months of this year, the COVID-19 pandemic was still the number one news topic globally; however, it became notably less prominent in the threat landscape," says Roman Kov, chief research officer at ESET.
"One could say fortunately, yet as you will see in our report, we are continuing to see worrying examples of cyber crooks rapidly abusing trending vulnerabilities and configuration flaws with a focus on achieving high returns on investment," he says.
"These abuses include continued abuse of the remote desktop protocol (RDP), which remains the number one target of brute-force attacks, increased numbers of cryptocurrency threats, and a steep increase of Android banking malware detections."
The featured story of the report recounts ESET Research's analysis of a vulnerability chain that allows an attacker to take over any reachable Exchange server. The attack has become a global crisis and ESET researchers identified more than 10 different threat actors or groups that likely leveraged this vulnerability chain.
The research presented in the T1 2021 Threat Report brings several updates and new findings about the APT groups Turla and Lazarus. It also includes information about a malicious iOS tweak, which is an application that leverages runtime patching in order to change program behaviour, to execute shell commands on jailbroken and compromised iOS devices.
ESET researchers uncovered the Kobalos malware, which attacks high performance computer clusters and other high-profile targets; Operation Spalax, which targets Colombian government organisations and private entities; a highly targeted supply chain attack that focused on online gaming in Asia; and a new Lazarus backdoor that was used to attack a freight logistics company in South Africa.
Besides these findings, the report also recapitulates the many virtual talks held by ESET research specialists in T1, introduces talks planned for the upcoming months, and provides an overview of ESETs participation in the MITRE ATT-CK Evaluations that emulated the Carbanak and FIN7 adversary groups.