A view of the Q3 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts.
As the world braces for a pandemic-ridden winter, COVID-19 appears to be losing steam at least in the cybercrime arena. With coronavirus-related lures played out, crooks seem to have gone “back to basics” in Q3 2020. An area where the effects of the pandemic persist, however, is remote work with its many security challenges.
This is especially true for attacks targeting Remote Desktop Protocol (RDP), which grew throughout all H1. In Q3, RDP attack attempts climbed by a further 37% in terms of unique clients targeted – likely a result of the growing number of poorly secured systems connected to the internet during the pandemic, and possibly other criminals taking inspiration from ransomware gangs in targeting RDP.
The ransomware scene, closely tracked by ESET specialists, saw a first this quarter – an attack investigated as a homicide after the death of a patient at a ransomware-struck hospital. Another surprising twist was the revival of cryptominers, which had been declining for seven consecutive quarters. There was a lot more happening in Q3: Emotet returning to the scene, Android banking malware surging, new waves of emails impersonating major delivery and logistics companies…
This quarter’s research findings were equally as rich, with ESET researchers: uncovering more Wi‑Fi chips vulnerable to KrØØk-like bugs, exposing Mac malware bundled with a cryptocurrency trading application, discovering CDRThief targeting Linux VoIP softswitches, and delving into KryptoCibule, a triple threat in regard to cryptocurrencies.
Besides offering recaps of these findings, this report also brings exclusive, previously unpublished ESET research updates, with a special focus on APT group operations – see the News From the Lab and APT Group Activity sections for updates on TA410, Sednit, Gamaredon and more.
ESET also continued to contribute to the MITRE ATT&CK knowledge base, with four submissions accepted in Q3. Other contributions of our teams include publishing a testing script for KrØØk and a set of tools named Stadeo that facilitate the analysis of the Stantinko malware.
This quarter was bustling with virtual events, with ESET researchers sharing their knowledge at both Black Hat USA and Asia, CARO, Virus Bulletin, DEF CON, Ekoparty, and many others. For the upcoming months, we are excited to invite you to ESET’s talks and workshops at Botconf, AVAR and CODE BLUE.