Information security company ESET released its latest threat report in which it also reveals that Log4j attacks quickly became the fifth most common external intrusion vector of 2021, while password guessing was the first.
ESET, a leading proactive threat detection company, has released its research team's Threat Report for the last quarter of 2021, which summarizes key statistics from ESET's detection systems and highlights examples of ESET's cyber security research, including exclusive and unpublished updates on current threats.
The latest edition of the ESET Threat Report (covering September-December 2021) sheds light on the most common external attack vectors, the reason behind the rise in email threats, and changes in the prevalence of certain types of threats due to the fluctuating exchange rates of crypto currencies.
Highlights of the report include:
- Ransomware exceeded the worst expectations in 2021, with attacks against critical infrastructure, outrageous ransom demands, and more than $5 billion in potential bitcoin transactions in the first half of 2021 alone.
- Android banking malware detections increased 428% in 2021 compared to 2020.
- RDP attack numbers for the final weeks of Q3 2021 broke previous records, equating to 897% year-over-year growth.
- The ProxyLogon vulnerability was the second most frequent external attack vector in ESET statistics for 2021, right after password guessing attacks.
- Microsoft Exchange servers came under siege again in August 2021 via ProxyShell, which has been exploited worldwide by various threat groups.
- It includes previously unpublished investigations into APT group operations: exploitation of ProxyShell, OilRig campaigns, and the activities of the Dukes cyber espionage group (also known as Cozy Bear).
- The Emotet botnet is back up and running.
The report also features an investigation into the Log4Shell vulnerability, a critical flaw in Log4j that surfaced in mid-December. IT teams globally quickly had to fix the flaw in their systems. “This vulnerability, which scored a 10 on the Common Vulnerability Scoring System, put countless servers at risk of being taken over completely, so it was no surprise that cybercriminals instantly began exploiting it. Despite only being known for the last three weeks of the year, Log4j attacks were the fifth most common external intrusion vector in 2021 in our statistics, showing how quickly emerging critical vulnerabilities are being exploited by threat actors,” explains Roman Kováč, Research Director at ESET.
Exclusive research presented in the ESET Threat Report Q3 2021 provides unprecedented insights into the operations of APT groups. This time, the researchers provide updates on the activity of the OilRig cyber espionage group, the latest information on ProxyShell exploitation, and new spearphishing campaigns from the Dukes cyber espionage group.
Described in ESET’s Q4 2020 Threat Report as “more aggressive than ever”, ransomware exceeded the worst expectations in 2021, with attacks against critical infrastructure, outrageous ransom demands and more than $5 billion in transactions linked to potential ransomware payments identified in just the first half of 2021. As the bitcoin exchange rate peaked in November, ESET experts noted an influx of threats targeting cryptocurrencies, further fueled by the recent popularity of NFTs (non-fungible tokens).
In the mobile world, ESET noted an alarming increase in Android banking malware detections, rising 428% in 2021 compared to 2020 and reaching the detection levels of adware, a common nuisance on the Android platform. The annual number of email threat detections, the gateway to a variety of attacks, doubled. This trend was primarily driven by an increase in phishing emails.
The ESET Q3 2021 Threat Report also reviews the most important research findings, in which the ESET research team discovered FontOnLake, a new malware family targeting Linux; ESPecter, a previously undocumented real-world UEFI bootkit; FamousSparrow, a cyber-espionage group targeting hotels, governments, and private companies around the world; and many others. In addition, the ESET team published an analysis of the 17 malicious frameworks known to have been used to attack air-gapped networks, and concluded its extensive series of deep dives into Latin American banking Trojans.