2022 has already brought in many challenges and ESET telemetry can only confirm it. Take a look at the latest ESET Threat Report – a view of the T1 2022 threat landscape from the perspective of ESET threat detection and research experts. #ESET #ProgressProtected #ThreatReport
– ESET (@ESET) June 2, 2022
While in the past ransomware threats tended to avoid targets in Russia, from January to April 2022, according to ESET’s telemetry, Russia was the most common target. Security experts have even detected a type of ransomware locking the screen with the link “Glory to Ukraine!”. Since the Russian invasion of Ukraine, the amount of amateur ransomware and the number of wipers have increased. Their authors often promise to support one of the warring parties and carry out the attacks as personal revenge.
“In connection with the ongoing war, we also detected several new malware attacks of the wiper type, in which we believe that the motive for the attackers was not the vision of financial reward, as is the case with malware attacks. This time, the attackers focused on specific organizations in order to impair their ability to respond,” explains Robert Šuman, Head of ESET’s Prague Research Department. In April, ESET also uncovered a new variant of the Industroyer malware, through which attackers targeted a large part of Ukraine’s high-voltage power grid. The attack was unsuccessful, thanks to security analysts from ESET Research.
Scams and phishing campaigns
Spam and phishing campaigns became a big topic immediately after the invasion on February 24. Through fake charity collections, fraudsters began to abuse the solidarity of people who wanted to support the victims of the conflict. On the same day, ESET’s telemetry saw a large increase in spam detections. Common malware, the dissemination of misinformation, scams and phishing campaigns were also on the rise in the Czech Republic at the beginning of the year. Currently, a big topic is phishing scams on internet bazaars.
“Although it is not hard malware, attacks using social engineering techniques are a very dangerous offensive strategy and an area that grew significantly in the first half of the year,” adds Robert Šuman.
Emotet email malware
ESET’s telemetry also identified a number of other threats that were not primarily related to the international geopolitical situation. “After last year’s attempts to stop the spread, the infamous Emotet malware has reappeared in our telemetry, which is spread mainly through spam e-mails,” says Šuman. In the first four months of this year, the attackers ran one spam campaign after another, while the number of Emotet detections increased more than a hundredfold. However, as noted in the ESET Threat Report, this could be the last campaign to rely on malicious macros, due to a recent move by Microsoft to disable, by default, macros in Office documents obtained from the internet. After this change, cyber-attackers using Emotet began testing other attack vectors on much smaller samples of victims.
ESET Research has also uncovered sophisticated malware aimed at stealing cryptocurrency from devices running the Android and iOS operating systems. The malicious applications, which contain Trojan horses, look the same and have the same functionality as official crypto-wallets (Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket or OneKey), but they behave differently depending on the operating system on which they are installed. If a legitimate version of the app is already installed on Android, the malicious app can’t overwrite it. In contrast, on iOS the victim may have both a legitimate and a malicious version of the application installed.
After a relatively long period of “bull markets”, when the value of the cryptocurrency market has grown, so-called “bear markets” open up good investment opportunities, and an increase in cryptocurrency fraud can be expected. New cryptocurrency investors in particular should therefore choose the mobile application they use to manage their funds carefully. According to the latest ESET Threat Report, more than a dozen of these fake applications were still available on Google Play in January 2022.
“Although the presence of cryptocurrency malware mostly mimics the evolution of the cryptocurrency rate, with sanctions imposed on Russian cryptocurrency companies and the adoption of bitcoin as the legal currency in the Central African Republic, it is relatively difficult to predict how the threat will develop,” adds Robert Šuman.