The European security vendor ESET has published its current “T1 2022 Threat Report”. In it, the specialists summarize the most important statistics from ESET detection systems and present notable examples from cybersecurity research. The latest edition covers various cyberattacks related to the Russian invasion of Ukraine that were discovered or prevented by ESET researchers. This also includes the comeback of the notorious malware Industroyer. This malicious program was intended to paralyze substations in Ukraine.

Cyberwar in Ukraine is changing the threat landscape

ESET telemetry also noted further changes in cyber threats that could be related to the situation in Ukraine. Roman Kováč, Chief Research Officer at ESET, explains why this report focuses primarily on war-related cyber threats: “There are several conflicts raging in different parts of the world, but for us this one is different. Right on the eastern border of Slovakia, where ESET has its headquarters and several offices, Ukrainians are fighting for their lives and sovereignty.”

Criminals adapt

For the first time in more than two years, attempted attacks on RDP connections fell by almost half. But even with this decline, almost 60 percent of the RDP attacks recorded in the first quarter of 2022 came from Russia. Attacks on databases (SQL injections) also fell by 64 percent, and attacks on SMB protocols by more than a quarter. The ESET researchers see possible reasons for the decline in the end of remote work at companies after many COVID-19 restrictions were lifted, and in improved IT security measures.

Ransomware and scam campaigns are gaining momentum

Before the invasion, Russia was not on the target list of ransomware attacks. Since the invasion of Ukraine, it has been the most attacked country. In the first quarter, ESET researchers recorded the largest share of ransomware attacks, 12 percent, in Russia, including lockscreen variants with the Ukrainian national greeting.

During this period, the amount of amateur ransomware and wiper software has also increased. Their authors often show their political views and turn the attacks into a personal vendetta. This trend is expected to continue or even increase in the coming months.

Fraudsters are also taking advantage of the war in Ukraine, and phishing and fraud campaigns are increasing. Immediately after February 24th, appeals from supposed charities and fictitious fundraisers to support Ukrainians appeared.

Emotet returns

ESET telemetry has also detected many other threats not related to the Ukraine war. “Emotet, the infamous malware that was previously thought dead and was mainly distributed via spam emails, has resurfaced and shot through the roof in our detection systems,” explains Kováč. In March and April 2022, Emotet operators launched massive spam campaigns using Microsoft Word documents, and the number of malware detections increased more than 100-fold. However, according to Microsoft, this could soon be over, as the tech giant has disabled by default the macros in Office programs that the attackers abused.

ESET Threat Report shows additional vulnerabilities and malware trends

The new Threat Report provides an overview of the most important research results on additional security vulnerabilities and malware developments. These include the abuse of kernel driver vulnerabilities, high-risk UEFI vulnerabilities, cryptocurrency malware targeting Android and iOS devices, an as-yet-unattributed campaign using the DazzleSpy macOS malware, and the campaigns of Mustang Panda, Donot Team, Winnti Group and the TA410 APT group.

The report also includes an overview of various talks from ESET researchers from the first quarter of the year. It also previews contributions to the RSA and REcon conferences in June 2022, where researchers will present findings on the Wslink and ESPecter discoveries. The ESET research team will also publish further results at the Virus Bulletin Conference in September 2022.

More information about the ESET T1 2022 Threat Report can be found on WeLiveSecurity: https://www.welivesecurity.com/2022/06/02/eset-threat-report-t12022/

