Cybercriminals are continuing to abuse vulnerabilities and configuration flaws, according to cybersecurity software provider ESET. Its T1 2021 Threat Report notes trends of threat actors’ abuse of remote desktop protocols, an increase in cryptocurrency threats, and an increase in Android banking malware detections.
Aggressive ransomware tactics are trending, intensifying brute-force attacks and deceptive phishing campaigns targeting those who are working from home.
In early March, Microsoft released patches for Exchange Server 2013, 2016 and 2019. Ransomware gangs exploited the Microsoft Exchange Server vulnerabilities and earned a fortune through double extortion: encrypting and stealing data simultaneously, then threatening to leak it if the ransom is not paid.
The threat actors gained access to the details of the vulnerabilities before the release of the patch, attacking at least 60,000 known victims and multiple organizations more than once, according to the report. Ransomware has become a global crisis.
The study also found a 59.6% increase in remote desktop protocol (RDP) attack attempts. Microsoft’s Remote Desktop Protocol was the most frequent target of brute-force attacks, according to the report. ESET telemetry recorded close to 27 billion password guesses aimed at compromising public-facing systems via RDP.
The average number of unique clients per day that faced an RDP attack grew from 147,000 to 161,000, continuing the previous upward trend, the report confirms.
The report noted an upward trend in the HTML/Phishing.Agent trojan, a detection name for malicious HTML code often used in a phishing email’s attachment. The page requests credentials or other sensitive information, which is then sent to the attacker.
Since October 2020, people have lost more than 80 million USD to cryptocurrency scams. The number is very likely even higher, says ESET, because people tend to underreport getting scammed out of shame.
IT professionals should be extra vigilant and be sure to apply available patches and fix known vulnerabilities immediately.