My TechDecisions

IT Infrastructure, Network Security

ESET Threat Report: Trending Vulns and Configuration Flaws

Cybercriminals are continuing to abuse vulnerabilities and configuration flaws, such as Microsoft remote desktop protocol, according to ESET Threat Report.

Leave a Comment

Proofpoint CISO, CISOs cyberattack
Gorodenkoff/stock.adobe.com

Cybercriminals are continuing to abuse vulnerabilities and configuration flaws, according to cybersecurity software provider ESET. Its T1 2021 Threat Report notes trends of threat actors’ abuse of remote desktop protocols, an increase in cryptocurrency threats, and an increase in Android banking malware detections.

Aggressive ransomware tactics are trending, intensifying brute-force attacks and deceptive phishing campaigns targeting those who are working from home.

In early March, Microsoft released patches for Exchange Server 2013, 2016 and 2019. Ransomware gangs exploited the Microsoft Exchange Server vulnerabilities and earned a fortune due to double extortion, simultaneously encrypting and stealing data, threatening to leak it if the ransom is not paid.

The threat actors gained access to the details of the vulnerabilities before the release of the patch, attacking at least 60,000 known victims and multiple organizations more than once, according to the report. Ransomware has become a global crisis.

Read: 44 Vulnerabilities Addressed in Microsoft’s August Security Release

The study also found a 59.6% increase in remote desktop protocol (RDP) attack attempts. Microsoft’s Remote Desktop Protocol was the most targeted brute-force attack, according to the report. ESET telemetry recorded close to 27 billion password guesses trying to compromise public-facing systems via RDP.

The average number of unique clients per day that have faced an RDP attack grew from 147,000 to 161,000, representing continuity in the previous upward trend, the report confirms.

The report noted upward trends in HTML/Phishing.Agent trojan, a detection name for malicious HTML code often used in a phishing email’s attachment. The website requests credentials or other sensitive information, which is then sent to the attacker.

Since October 2020, people have lost more than 80 million USD to cryptocurrency scams. The number is very likely to be even higher, says ESET, out of shame, people tend to underreport getting scammed.

IT professionals should be extra vigilant and be sure to fix known patches and vulnerabilities immediately.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ