Record-breaking number of brute-force attacks targeting RDP

Sliedrecht, February 10, 2022 – ESET, a global leader in digital security, has released its Threat Report for the third quarter of 2021 this week. The Threat Report includes key statistics and trends about the current threat landscape based on ESET detection systems. In addition, the report includes notable examples from ESET Research including previously unpublished studies on current threats.

The third quarter of 2021 was turbulent, the ransomware attacks on the Mediamarkt and manufacturing company VDL were two of many. Ransomware surpassed worst expectations worldwide in 2021, with attacks against critical infrastructure, outrageous ransom demands and more than $5 billion in potential bitcoin transactions in the 1st half of 2021. The most common ransomware in the Netherlands was CTBLocker (36.1%), followed by Cerber (11.9%). In the top 10 most common ransomware types, Ryuk and BlackMatter were at the bottom.

In addition to the amount of ransomware attacks, the number of brute-force attacks targeting remote desktop protocol (RDP) continued to grow. Worldwide, all previous records were broken in the last weeks of the third quarter and ESET sees an annual growth of no less than 897%. In the Netherlands we also saw a huge growth in 2021 of no less than 671% between January and December, this is almost a sevenfold increase. The 7-day average of RDP connection attempts fluctuated between 5 and 25 million attempts in Q1 and Q2 2021, but rose in the third quarter of the year, especially in the last few weeks, to numbers between 40 and even 65 million.

In December, ESET Research also detected hundreds of thousands of Log4j attack attempts, with the Netherlands having the third most attack attempts at 8%. Despite the fact that the Log4j vulnerability has only been known for a few weeks, it was the fifth most used attack method of 2021.

Global developments that ESET also saw in the third quarter of 2021 included the return of the Emotet botnet by Trickbot, the Microsoft Exchange vulnerability chain that was once again under attack, increasing detections of the ASP/Webshell backdoor by almost 160% and phishing attacks. aimed at European diplomats and employees of Ministries of Foreign Affairs. Although the number of Android threats increased in the first quarter of 2021, this remained stable for the rest of the year, nevertheless the number of Android banking malware threats has increased by 428% compared to 2020.

The number of cryptocurrency threats follows cryptocurrency prices, with the number of coin miners growing by 8.4% in the third quarter and the number of crypto stealers declining by the same percentage. In addition, the number of cryptocurrency-related phishing tripled in the third quarter. A new target in the phishing landscape is the growing NFT marketplace OpenSea.

In addition to threat intelligence and investigations, the report also provides an overview of the presentations made by ESET researchers in the third quarter of 2021 and upcoming presentations are announced.
For more information, view the full Threat Report at https://www.welivesecurity.com/2022/02/09/eset-threat-report-t32021/

About ESET
For over 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers around the world. ESET has since grown into the largest IT security company in the European Union with solutions ranging from endpoint and mobile security, to encryption and two-factor authentication. ESET protects and monitors 24/7 in the background and updates security in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company that enables secure use of technology. This is supported by ESET’s R&D centers worldwide, committed to our shared future. For more information, visit www.eset.com/nl or follow us on LinkedIn, Facebook, Instagram and Twitter.

This article is a submitted message and is not the responsibility of the editors.

Leave a Comment