Large ransom demands and password-guessing attacks escalate
ESET released a report that summarizes key statistics from its detection systems and highlights notable examples of its cybersecurity research.
The latest issue of the report highlights several concerning trends that were recorded by ESET telemetry, including increasingly aggressive ransomware tactics, intensifying brute-force attacks, and deceptive phishing campaigns targeting people working from home who have gotten used to performing many administrative tasks remotely.
Ransom demands in T2 2021 largest to date
Ransomware, showing three major detection spikes during T2, saw the largest ransom demands to date. The attack shutting down the operations of Colonial Pipeline – the largest pipeline company in the US – and the supply-chain attack leveraging a vulnerability in the Kaseya VSA IT management software, sent shockwaves that were felt far beyond the cybersecurity industry.
Both cases appeared to pursue financial gain rather than cyberespionage, with the perpetrators of the Kaseya attack setting a $70 million ultimatum – the heftiest known ransom demand so far.
“Ransomware gangs may have overdone it this time: the involvement of law enforcement in these high-impact incidents forced several gangs to leave the field. The same can’t be said for TrickBot, which appears to have bounced back from last year’s disruption efforts, doubling in our detections and boasting new features,” explains Roman Kováč, chief research officer at ESET.
On the other hand, the final shutdown of Emotet at the end of April 2021 saw downloader detections down by half compared to T1 2021 and a reshuffling of the whole threat landscape.
Password-guessing attacks seeing further growth in T2 2021
Password-guessing attacks, which often serve as a gateway for ransomware, saw further growth in T2. Between May and August 2021, 55 billion new brute-force attacks (+104% compared to T1 2021) against public-facing Remote Desktop Protocol services were detected.
Telemetry also saw an impressive increase in the average number of daily attacks per unique client, which doubled from 1,392 attempts per machine per day in T1 2021 to 2,756 in T2 2021.