End of 2021 witnessed an explosion of RDP brute-force attacks

RDP brute-force attacks continue to be one of the most used attack vectors for breaching enterprise networks, ESET’s latest Threat Report has revealed.

RDP brute-force attacks escalated throughout all of 2020 and 2021, and the last four months of 2021 brought a further acceleration, with an increase of 274% (from 55 billion in T2 2021 to 206 billion in T3 2021).

But while the intensity of these attacks is growing, detections by the company’s solutions show that the number of targets has been gradually shrinking – “although it doesn’t seem like the rampage is about to end any time soon.”

RDP brute-force attacks

Other findings

Based on the global telemetry data collected by ESET’s solutions in the last four months of 2021 (T3 2021), other trends have been spotted:

Email threats have risen by 8.5% in T3 2021 (when compared to the previous 4-month period) and by 145.4% in 2021 (when compared to 2020).

The most popular approaches are:

  • Emails with malicious attachments leading potential victims to phishing pages
  • Emails delivering attachments carrying specially crafted documents exploiting the CVE-2017-11882 vulnerability in Microsoft Equation Editor (still!) to deliver malware at a later date (infostealers and Emotet). “The attachments are often password-protected, with the passwords included in the email body – a well-known detection evasion technique. Some of the recently circulating malicious documents are left blank, also possibly in order to dodge detection,” the company noted.
  • Fraudulent HTML-based content – websites, HMTL-based emails and email attachments pushing scams (lottery, advance fee, and Nigerian Prince scams)

Web threats were up by 2.6% in T3 2021, the most prevalent of which were scam websites. The list of top phishing website categories in T3 2021 is headed by Finance (34.2%), Social media (20.9%), Shopping (9.3%), and Cryptocurrency (7.7%).

“Scammers will continue to take advantage of the revived cryptocurrency market – and as we already saw in T3 with the targeting of NFTs, there is always a new opportunity to jump on,” the researchers predict.

Detections of Android malware have also risen a bit (2.8% when compared with the previous period), but the most interesting change in this arena is a massive yearly increase in Android banking malware (a staggering 428% in 2021 compared to 2020!).

“Countries with the biggest detection numbers of this type of threat in 2021 were Turkey, Russia, Spain, Ukraine, and Japan,” ESET shared.

MacOS threats, on the other hand, have fallen by 5.9% when compared with T2 2021 numbers, but macOS trojan detections rose by 126% from 2020 to 2021.

“Adware will continue to be the most common threat to the macOS platform, as it is relatively cheap to acquire and does not depend on especially focused targeting,” ESET researchers anticipate.

“Regarding the actual development of malware and similar threats, we expect to detect more macOS malware and adware samples written in programming languages not often seen on this platform, such as Kotlin, D and especially Go.”

Infostealer detections were on the downswing in T3 2021, partly thanks to a decline in spyware, but the researchers pointed out that we are now witnessing the advent of a new danger: UEFI (firmware) bootkits that backdoor target systems.

“Although UEFI threats are very rare – only six real-world cases have been found in the wild – recent discoveries show they are certainly not going to disappear anytime soon. After all, three of the known six were discovered after September 2021. While we do not expect these threats to become wide- spread, we are sure that more of them will surface in the future. UEFI threats are mostly a domain of APT groups, but due to the greater ease of deploying these bootkits on the ESP, we may soon see non-APT actors making use of them,” they noted.

Don't miss