Attacks on Microsoft Exchange servers were among the most used attack vectors in 2021
ESET publishes its threat report for the third quarter of 2021 and assesses the IT security situation.
In the current report, the security experts from the European IT security manufacturer highlight the most common attack vectors of the past twelve months, the reason for the increase in email threats and the continued rapid increase in attacks on home offices. Microsoft Exchange servers were among the most popular targets for hackers throughout the year.
Of course, the Log4Shell vulnerability is also a central topic of the report. Although the security vulnerability only became known in mid-December, attacks on it were still one of the top attack vectors in 2021. With 19 billion RDP attack attempts in Germany, Austria and Switzerland alone, home office employees were clearly in the sights of online criminals in 2021. The final Threat Report of 2021 also contains assessments of the general eCrime trends observed throughout the year. One of the highlights are the exclusive results on the activities of APT groups such as OilRig or Dukes. The report is available online at WeLiveSecurity. “The Log4Shell vulnerability, rated 10 in the Common Vulnerability Scoring System, put countless servers at risk of full takeover - so it was no surprise that cybercriminals were quick to exploit it. Despite only becoming known in the last three weeks of the year, Log4j attacks were the fifth most common external attack vector in our statistics in 2021, showing how quickly threat actors are exploiting emerging critical vulnerabilities,” explains Roman Kovác, Chief Research Officer at ESET .
RDP attacks nearly quadrupled in 2021
ESET security experts recorded over 19 billion attacks on the RDP protocol in Germany, Austria and Switzerland alone in 2021. That's around 52 million attacks per day on average. In 2020 there were over 5.2 billion attacks. It's surprising that the numbers have continued to rise even though 2021 was no longer marked by the chaos of newly imposed lockdowns and hasty shifts to remote work. This attack method has proven to be extremely lucrative and effective for criminals to gain access to corporate networks.
Microsoft Exchange under constant attack
The ProxyLogon vulnerability was the second most common external attack vector in 2021, according to ESET Telemetry. Microsoft Exchange servers were attacked again in August 2021. A successor variant of ProxyLogon called ProxyShell was used here. This vulnerability was exploited by several APT groups and other actors. The targets were scattered all over the world.
The king is dead, long live the king
At the end of the year, the Emotet malware reappeared on the scene.
Earlier this year there were reports that several authorities had shut down the network behind it. But since around November, several systems infected with the Trickbot malware have started installing new variants of Emotet. In the past it was exactly the opposite. The ESET experts suspect that the criminals are using TrickBot's infrastructure to revive the botnet. The entire Threat Report T3 2021 is available on WeLiveSecurity: https://www.welivesecurity.com/deutsch/2022/02/09/eset-threat-report-t3-2021
Source: pressetext.com
Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )