A view of the T 1 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts.
After more than two years of shielding from a global pandemic, we get a ‘reward’: war! Several conflicts are raging in different parts of the world, but for us, this one is different. Right across Slovakia’s eastern borders, where ESET has its HQ and several offices, Ukrainians are fighting for their lives and sovereignty in this unprovoked war, facing an opponent that possesses nuclear weapons. As you will read in the ESET Threat Report T1 2022, Ukraine is resisting attacks not only in the physical world but also in cyberspace.
Our Featured story recounts various cyberattacks connected to the ongoing war that ESET researchers analyzed or helped to mitigate. This includes the resurrection of the infamous Industroyer malware, attempting to target high-voltage electrical substations.
Shortly before the Russian invasion, ESET telemetry recorded one of two sharp drops in RDP attacks. The decline in these attacks comes after two years of constant growth – and as we explain in the Exploits section, this turn of events might have a connection to the war in Ukraine. But even with this fall, almost 60% of incoming RDP attacks seen in T1 2022 came from Russia.
Another side effect of the war: while in the past ransomware threats tended to avoid targets located in Russia, in this period, according to our telemetry, Russia was the top targeted country. We even detected lock-screen variants using the Ukrainian national salute “Slava Ukraini” (Glory to Ukraine).
Unsurprisingly, the war has also been noticeably exploited by spam and phishing threats. Immediately after the invasion on February 24, scammers started to take advantage of people trying to support Ukraine, using fictitious charities and fundraisers as lures. On that day, we detected a large spike in spam detections.
We can also confirm that Emotet – the infamous malware, spread primarily through spam emails – is back after last year’s takedown attempts, and has shot back up in our telemetry. Its operators spewed spam campaign after spam campaign, with Emotet detections growing by more than a hundredfold!
Our telemetry has of course seen many other threats unrelated to the Russia-Ukraine war – I invite you to read the Statistics & Trends section of the ESET Threat Report T1 2022 to see the full picture.
The past months were also full of interesting research findings. Our researchers uncovered – among other things – the abuse of kernel driver vulnerabilities; high‑impact UEFI vulnerabilities; cryptocurrency malware targeting Android and iOS devices; and the campaigns of Mustang Panda, Donot Team, Winnti Group, and the TA410 APT group.
With their deep dive into Industroyer2, breaches of air-gapped networks, analyses of campaigns deployed by InvisiMole, OilRig, MuddyWater, FreshFeline, and TA410 APT groups, ESET researchers made it to the S4x22, CARO Workshop, Botconf, and NorthSec conferences – you can find wrap-ups of their talks in the final section of the ESET Threat Report T1 2022. For the upcoming months, we would like to invite you to ESET talks at RSA, REcon, Black Hat USA, Virus Bulletin, and many other conferences.
I wish you an insightful read.
To learn more about how threat intelligence can enhance the cybersecurity posture of your organization, visit the ESET Threat Intelligence page.
by Roman Kovac, ESET