BRATISLAVA – ESET, a global leader in cybersecurity, has released its T1 2021 Threat Report, summarising key statistics from ESET detection systems and highlighting notable examples of ESET’s cybersecurity research, including exclusive, previously unpublished updates on current threats. The featured story recounts ESET Research’s discovery of multiple advanced persistent threat (APT) groups exploiting a vulnerability chain affecting Microsoft Exchange Server. The exclusive updates include new findings about the Lazarus and Turla APT groups and an analysis of a malicious iOS tweak that steals files from jailbroken iOS devices.
Starting with this issue, the ESET Threat Report will be published three times a year, with each report covering a four-month period. For easier orientation, T1 denotes January to April, T2 May to August, and T3 September to December.
During the first four months of this year, the COVID-19 pandemic was still the number one news topic globally; however, it became notably less prominent in the threat landscape. “One could say ‘fortunately,’ yet as you’ll see in our report, we are continuing to see worrying examples of cybercrooks rapidly abusing trending vulnerabilities and configuration flaws with a focus on achieving high returns on investment,” comments Roman Kováč, Chief Research Officer at ESET. These include continued attacks on the Remote Desktop Protocol (RDP), which remains the number one target of brute-force attacks; a rise in cryptocurrency-related threats; and a steep increase in Android banking malware detections.
The featured story of the report recounts ESET Research’s analysis of a vulnerability chain that allows an attacker to take over any reachable Exchange server. The attack has become a global crisis and ESET researchers identified more than 10 different threat actors or groups that likely leveraged this vulnerability chain.
The exclusive research presented in the T1 2021 Threat Report brings several updates and new findings about the APT groups Turla and Lazarus. It also includes information about a malicious iOS tweak (an application that uses runtime patching to change the behaviour of other programs) that executes shell commands on jailbroken, compromised iOS devices.
The ESET T1 2021 Threat Report also reviews the most important findings and achievements by ESET researchers. Among many other findings, including an ongoing series investigating Latin American banking trojans, ESET researchers uncovered the Kobalos malware, which attacks high-performance computing clusters and other high-profile targets; Operation Spalax, which targets Colombian government organisations and private entities; a highly targeted supply-chain attack focused on online gaming in Asia; and a new Lazarus backdoor that was used to attack a freight logistics company in South Africa.
Besides these findings, the report also recapitulates the many virtual talks held by ESET research specialists in T1, introduces talks planned for the upcoming months, and provides an overview of ESET’s participation in the MITRE ATT&CK® Evaluations that emulated the Carbanak and FIN7 adversary groups.
For more information, check out our ESET Threat Report T1 2021 on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.
About ESET
For more than 30 years, ESET® has been developing industry-leading IT security software and services to protect businesses, critical infrastructure and consumers worldwide from increasingly sophisticated digital threats. From endpoint and mobile security to endpoint detection and response, as well as encryption and multi-factor authentication, ESET’s high-performing, easy-to-use solutions unobtrusively protect and monitor 24/7, updating defences in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company that enables the safe use of technology. This is backed by ESET’s R&D centres worldwide, working in support of our shared future. For more information, visit our website or follow us on LinkedIn, Facebook, and Twitter.