15.1 C

ESET Threat Report T2 2022: RDP attacks see further drop; India among countries with the highest number of Android trojan detections

 ESET has released its T2 2022 Threat Report, summarizing key statistics from ESET detection systems, and highlighting notable examples of ESET’s cybersecurity research. The latest issue of the ESET Threat Report (covering May to August 2022) sheds light on the changes in ideologically motivated ransomware, spyware trojans, Emotet activity, the most-used phishing lures, how the plummeting cryptocurrency exchange rates affected online threats, and the continuation of the sharp decline of Remote Desktop Protocol (RDP) attacks. ESET analysts think these attacks continued to lose their steam due to the Russia-Ukraine war, along with the post-COVID return to offices and overall improved security of corporate environments.

Even with declining numbers, Russian IP addresses continued to be responsible for the largest portion of RDP attacks. “In T1 2022, Russia was also the country that was most targeted by ransomware, with some of the attacks being politically or ideologically motivated by the war. However, ESET Threat Report T2 2022 shows that this hacktivism wave has declined in T2, and ransomware operators turned their attention towards the United States, China, and Israel,” explains Roman Kováč, Chief Research Officer at ESET.

Android threat detections continued to grow in T2 2022 by 9.5%, with India named among countries with most detections of Android/Spy.Agent trojan with various spying capabilities, including secretly recording audio and video. Behind a large portion of Android spyware detection in the past four months was “GB WhatsApp” – a popular but cloned (and therefore unofficial) third-party version of WhatsApp. The cloned app is not available on Google Play and therefore there are no security checks in place compared with the legitimate WhatsApp, and versions available on various download websites are riddled with malware.

Further, the biggest zombie IoT botnet ‘Mozi’ saw the number of bots drop by 23% from 500,000 compromised devices in T1 to 383,000 in T2. However, China (53%) and India (35%) continued to have the highest number of IoT bots geolocated inside the respective countries. These statistics confirm the assumption that the Mozi botnet is on autopilot, running without human supervision since its reputed author was arrested in 2021.

- Advertisement -TechnoSports-Ad

According to ESET telemetry, August was a vacation month for the operators of Emotet, the most influential downloader strain. The gang behind it also adapted to Microsoft’s decision to disable VBA macros in documents originating from the internet and focused on campaigns based on weaponized Microsoft Office files and LNK files.

The report also examines threats mostly impacting home users. ESET phishing feeds showed a sixfold increase in shipping-themed phishing lures, most of the time presenting the victims with fake DHL and USPS requests to verify shipping addresses. “In terms of threats directly affecting virtual and physical currencies, a web skimmer known as Magecart remains the leading threat going after online shoppers’ credit card details. We also saw a twofold increase in cryptocurrency-themed phishing lures and a rising number of cryptostealers,” explains Kováč.

The ESET T2 2022 Threat Report also reviews the most important findings and achievements by ESET researchers. They uncovered a previously unknown macOS backdoor, and later attributed it to ScarCruft, discovered an updated version of the Sandworm APT group’s ArguePatch malware loader, uncovered Lazarus payloads in trojanized apps, and analyzed an instance of the Lazarus Operation In(ter)ception campaign targeting macOS devices while spearphishing in crypto-waters. ESET researchers also discovered buffer overflow vulnerabilities in Lenovo UEFI firmware and a new campaign using a fake Salesforce update as a lure.

- Advertisement -TechnoSports-Ad

Besides these findings, the report also summarizes the many talks given by ESET researchers in recent months, and introduces talks planned for AVAR, Ekoparty, and many other conferences.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Raunak Saha
Raunak Saha
A cs engineer by profession but foodie from heart. I am tech lover guy who has a passion for singing. Football is my love and making websites is my hobby.



Related Stories

More from author

HARMAN Extends Official Partnership with Scuderia Ferrari for the 2024 Formula One Season

HARMAN, a leading automotive electronics technology company and a subsidiary of Samsung Electronics Co., Ltd., has confirmed its continuation as an official partner of...

Maximizing Athletic Potential: Bharat Sports Science Conclave 2024

The significance of sports science took center stage at the Bharat Sports Science Conclave held in New Delhi, where Hon'ble Union Minister of Youth...

Gaming Evolution: Brothers Remake & Myth of Empires with DLSS 2, Tarkov: Arena Amped by NVIDIA Reflex

In a landmark week for gaming technology, the industry sees significant advancements with the launch of Brothers: A Tale of Two Sons Remake and...

The Best Gaming PC under 20000 INR in India as of 2024

The Best Gaming PC under 20000 INR: The Ultimate Guide In search of a gaming PC, but your budget is too low? Don't worry, we...