
ESET issues its Q4 2020 Threat Report recording a massive increase in RDP attack attempts since Q1

BRATISLAVA – ESET has released its Q4 2020 Threat Report, summarizing key statistics from ESET detection systems and highlighting notable examples of ESET’s cybersecurity research – including previously unpublished ESET research updates. As the final threat report of the year 2020, it also comes with commentary on the broader trends observed throughout the year as well as predictions for 2021 by ESET malware research and detection specialists.

The COVID-19 pandemic continued to influence the cybercrime landscape. Most notably, the new attack surface created by the shift to work from home brought further growth of Remote Desktop Protocol (RDP) attacks, albeit at a slower rate compared to previous quarters. Between Q1 and Q4 2020, ESET telemetry recorded a staggering 768% increase in RDP attack attempts. “RDP security is not to be underestimated especially due to ransomware, which is commonly deployed through RDP exploits, and, with its increasingly aggressive tactics, poses a great risk to both private and public sectors. As the security of remote work gradually improves, the boom in attacks exploiting RDP is expected to slow down – we already saw some signs of this in Q4,” explains Roman Kováč, Chief Research Officer at ESET.

Another trend observed in Q4 was an increase in COVID-19-themed email threats, especially related to the end-of-year vaccine rollouts. Vaccinations offered cybercriminals an opportunity to expand their portfolio of lures, a trend that is expected to continue in 2021.

The featured story of the report recounts the events of October 2020, when ESET took part in a global disruption campaign targeting TrickBot, one of the largest and longest-lived botnets. These coordinated efforts resulted in 94% of TrickBot’s servers being taken down in a single week. “There was a sharp decline in TrickBot’s activities following the disruption operation late last year. We are continuously monitoring the TrickBot botnet, and the level of activity remains very low to this day,” comments Jean-Ian Boutin, Head of Threat Research at ESET.

The ESET Q4 2020 Threat Report also reviews the most important findings and achievements by ESET researchers: a previously unknown APT group targeting the Balkans and Eastern Europe, named XDSpy, and a remarkable number of supply-chain attacks, such as a Lazarus attack in South Korea, a Mongolian supply-chain attack named Operation StealthyTrident, and the Operation SignSight supply‑chain attack against a certification authority in Vietnam.

The exclusive research presented in the Q4 2020 Threat Report delivers updates on investigations around Lazarus’s Operation In(ter)ception, the PipeMon backdoor used by the Winnti group, and changes to the tools employed by the InvisiMole group.

The report also contains an overview of the numerous talks given by ESET research specialists in Q4, introduces talks planned for the RSA conference in May 2021 and provides an overview of ESET’s contributions to the MITRE ATT&CK knowledge base.

For more information, check out our ESET Threat Report Q4 2020 on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, points of sale, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum, which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.