According to ESET’s Q3 Threat Report, covering September to December 2021, while the rates of supply chain attacks rose over 2020, 2021 was defined by the continual discoveries of zero-day vulnerabilities powerful enough to wreak havoc on enterprise systems. The discovery of zero-day flaws in Exchange Server and Microsoft’s emergency patches to resolve the on-premise issues continued to haunt IT administrators well into the year. Brute-force and automated password guessing, such as through dictionary-based attacks, were the most frequent attack vectors detected according to ESET telemetry. Attacks against remote desktop protocol (RDP) increased by 274% during the four-month period. “The average number of unique clients that reported at least one such attack per day shrank by 5% from 161,000 in T2 2021 to 153,000 in T3 2021,” the report says. “In other words, the intensity of RDP password-guessing attacks is growing rapidly, yet the pool of potential victims is becoming smaller.” Also: One in seven ransomware extortion attempts leak key operational tech records Public-facing SQL servers and SMB services also saw an uptick in credential-based attacks. However, exchange Server’s ProxyLogon bugs secured the second spot when it came to popular attack vectors. “Microsoft Exchange servers ended up under siege again in August 2021, with ProxyLogon’s “younger sibling”, named ProxyShell, exploited worldwide by several threat groups,” the report says. The last four months of 2021 also revealed the consequences of a critical vulnerability in Log4j. Tracked as CVE-2021-44228, the remote code execution (RCE) flaw in Log4j issued a CVSS severity score of 10.0, sent teams scrambling to patch the problem. Threat actors instantaneously began attempting to exploit the vulnerability. Even though the issue was only made public in the last three weeks of 2021, ESET has recorded CVE-2021-44228 among the top five attack vectors of the year. Ransomware, as expected, remains a thorn in the side of businesses today. ESET says its “worst expectations” of this malware variant were surpassed during 2021, with critical infrastructure attacked – including the assault against Colonial Pipeline – and over $5 billion in cryptocurrency transactions tied to ransomware campaigns were recorded during the first half of 2021 alone. The research also notes a recent surge in Android banking malware, rising by 428% in 2021 in comparison to 2020. According to ESET, infection rates associated with Android banking Trojans – such as SharkBot, Anatsa, Vultur, and BRATA – have now reached the same levels as adware. See also
Google Cloud launches agentless cryptojacking malware scanner Russian APT Primitive Bear attacks Western government department in Ukraine through job hunt Operation EmailThief: Zero-day XSS vulnerability in Zimbra email platform revealed
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0