ESET issues its Q3 2020 Threat Report – remote workers under fire from RDP attacks
Created: 2020-10-29 06:45:52
BRATISLAVA – October 29, 2020 – ESET, a global leader in cybersecurity, has released its Q3 2020 Threat Report, summarizing key statistics from ESET detection systems and highlighting notable examples of ESET’s cybersecurity research – including previously unpublished ESET research updates. The report and its findings were exclusively presented during the “ESET European Cyber Security Day – Towards a Secure Post-COVID Future” virtual event.
After months of abusing the COVID-19 theme in their campaigns, cybercriminals appear to have returned to their usual tactics in the third quarter of 2020, the Q3 2020 Threat Report shows. An area where the risks remain particularly high, however, is remote work.
ESET telemetry showed further growth in attacks targeting Remote Desktop Protocol (RDP), which grew throughout H1. While the number of unique clients targeted rose by more than a third, the total number of attack attempts surged by 140%. “The continued rise in RDP attacks may be a result of the growing number of poorly secured systems being connected to the internet during the pandemic, or possibly other criminals taking inspiration from ransomware gangs in targeting RDP,” comments Jiří Kropáč, Head of Threat Detection Labs at ESET.
Other key trends observed in Q3 were the revival of cryptominers, Emotet returning to the scene after months of inactivity, and Android banking malware surging following the source code release of the notorious mobile banking trojan Cerberus.
The ESET Q3 2020 Threat Report also reviews the most important findings and achievements by ESET researchers. Among many other findings, they uncovered more Wi‑Fi chips vulnerable to KrØØk-like bugs, exposed Mac malware bundled with a cryptocurrency trading application, discovered CDRThief targeting Linux VoIP softswitches, and delved into KryptoCibule, a triple threat in regard to cryptocurrencies.
The exclusive research presented in the Q3 2020 Threat Report includes campaigns leveraging malicious MAXScripts, the spread of Latin American banking trojans to Europe, new activity of the TA410 threat group and a look into the updated arsenal of the Gamaredon Group.
Besides these findings, the report also recapitulates the many virtual talks held by ESET research specialists in Q3, introduces talks planned for the upcoming quarter and provides an overview of ESET’s contributions to the MITRE ATT&CK knowledge base.
For more information, check out our ESET Threat Report Q3 2020 on WeLiveSecurity. Make sure to
Make sure to follow ESET research on Twitter for the latest news from ESET Research.
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.