ESET has released its T1 2021 Threat Report, summarizing key statistics from ESET detection systems and highlighting notable examples of ESET’s cybersecurity research, including exclusive, previously unpublished updates on current threats. The featured story recounts ESET Research’s discovery of multiple advanced persistent threat (APT) groups exploiting a vulnerability chain affecting Microsoft Exchange Server. The exclusive updates include new findings about the Lazarus and Turla APT groups and an analysis of a malicious iOS tweak that steals files from jailbroken iOS devices.
Starting with this issue of the ESET Threat Report, ESET Research aims to have a triannual publication, meaning that each report will cover a four-month period. For easier orientation, the T1 abbreviation will be used to describe the period from January to April, T2 from May to August, and T3 from September to December.
During the first four months of this year, the COVID-19 pandemic was still the number one news topic globally; however, it became notably less prominent in the threat landscape. “One could say ‘fortunately,’ yet as you’ll see in our report, we are continuing to see worrying examples of cyber crooks rapidly abusing trending vulnerabilities and configuration flaws with a focus on achieving high returns on investment,” comments Roman Kováč, Chief Research Officer at ESET. These abuses include continued abuse of the remote desktop protocol (RDP), which remains the number one target of brute-force attacks, increased numbers of cryptocurrency threats, and a steep increase of Android banking malware detections.
The featured story of the report recounts ESET Research’s analysis of a vulnerability chain that allows an attacker to take over any reachable Exchange server. The attack has become a global crisis and ESET researchers identified more than 10 different threat actors or groups that likely leveraged this vulnerability chain.
The exclusive research presented in the T1 2021 Threat Report brings several updates and new findings about the APT groups Turla and Lazarus. It also includes information about a malicious iOS tweak, which is an application that leverages runtime patching in order to change program behavior, to execute shell commands on jailbroken and compromised iOS devices.
The ESET T1 2021 Threat Report also reviews the most important findings and achievements by ESET researchers. Among many other findings, including an ongoing series investigating Latin American banking trojans, ESET researchers uncovered the Kobalos malware, which attacks high performance computer clusters and other high-profile targets; Operation Spalax, which targets Colombian government organizations and private entities; a highly targeted supply‑chain attack that focused on online gaming in Asia; and a new Lazarus backdoor that was used to attack a freight logistics company in South Africa.
Besides these findings, the report also recapitulates the many virtual talks held by ESET research specialists in T1, introduces talks planned for the upcoming months, and provides an overview of ESET’s participation in the MITRE ATT&CK® Evaluations that emulated the Carbanak and FIN7 adversary groups.