Remote desktop protocol (RDP) attacks increase by 768% between Q1 and Q4 last year, fuelled by the shift to remote working, according to ESET’s Q4 2020 Threat Report.
However, a slower rate of growth was observed in the final quarter of the year, indicating that organizations have enhanced their security for remote users.
Another key finding from the report was a rise in COVID-19-themed email threats in Q4, with the vaccine rollout particularly heavily targeted. Compared with Q3, vaccine mentions in malicious emails were up by 50%, highlighting the strong lures this topic offers. These include business proposals in vaccine development, offers on ultra-low-temperature freezers and vaccine-related conspiracy theories. ESET expects cyber-criminals to continue leveraging this issue via email attacks throughout the coming year.
ESET also highlighted the global disruption campaign it took part in against one of the largest and longest-lived botnets, TrickBot. This led to 94% of TrickBot’s servers being taken down in a single week. Jean-Ian Boutin, head of threat research at ESET, commented: “There was a sharp decline in TrickBot’s activities following the disruption operation late last year. We are continuously monitoring the TrickBot botnet, and the level of activity remains very low to this day.”
In addition, the cybersecurity firm revealed research findings about a number of supply chain attacks during Q4, which are especially relevant given the SolarWinds attack that took place in December 2020. These include a previously unknown APT group called XDSpy, a Lazarus attack in South Korea and a Mongolian supply chain attack named Operation StealthyTrident.
Boutin added: “RDP security is not to be underestimated especially due to ransomware, which is commonly deployed through RDP exploits, and, with its increasingly aggressive tactics, poses a great risk to both private and public sectors. As the security of remote work gradually improves, the boom in attacks exploiting RDP is expected to slow down – we already saw some signs of this in Q4.”
However, a slower rate of growth was observed in the final quarter of the year, indicating that organizations have enhanced their security for remote users.
Another key finding from the report was a rise in COVID-19-themed email threats in Q4, with the vaccine rollout particularly heavily targeted. Compared with Q3, vaccine mentions in malicious emails were up by 50%, highlighting the strong lures this topic offers. These include business proposals in vaccine development, offers on ultra-low-temperature freezers and vaccine-related conspiracy theories. ESET expects cyber-criminals to continue leveraging this issue via email attacks throughout the coming year.
ESET also highlighted the global disruption campaign it took part in against one of the largest and longest-lived botnets, TrickBot. This led to 94% of TrickBot’s servers being taken down in a single week. Jean-Ian Boutin, head of threat research at ESET, commented: “There was a sharp decline in TrickBot’s activities following the disruption operation late last year. We are continuously monitoring the TrickBot botnet, and the level of activity remains very low to this day.”
In addition, the cybersecurity firm revealed research findings about a number of supply chain attacks during Q4, which are especially relevant given the SolarWinds attack that took place in December 2020. These include a previously unknown APT group called XDSpy, a Lazarus attack in South Korea and a Mongolian supply chain attack named Operation StealthyTrident.
Boutin added: “RDP security is not to be underestimated especially due to ransomware, which is commonly deployed through RDP exploits, and, with its increasingly aggressive tactics, poses a great risk to both private and public sectors. As the security of remote work gradually improves, the boom in attacks exploiting RDP is expected to slow down – we already saw some signs of this in Q4.”