ESET Threat Report T1 2021 highlights rapid abuse of trending vulnerabilities and configuration flaws by cybercrooks

BRATISLAVA – ESET, a global leader in cybersecurity, has released its T1 2021 Threat Report, summarizing key statistics from ESET detection systems and highlighting notable examples of ESET’s cybersecurity research, including exclusive, previously unpublished updates on current threats. The featured story recounts ESET Research’s discovery of multiple advanced persistent threat (APT) groups exploiting a vulnerability chain affecting Microsoft Exchange Server. The exclusive updates include new findings about the Lazarus and Turla APT groups and an analysis of a malicious iOS tweak that steals files from jailbroken iOS devices.

Starting with this issue of the ESET Threat Report, ESET Research aims to have a triannual publication, meaning that each report will cover a four-month period. For easier orientation, the T1 abbreviation will be used to describe the period from January to April, T2 from May to August, and T3 from September to December.

During the first four months of this year, the COVID-19 pandemic was still the number one news topic globally; however, it became notably less prominent in the threat landscape. “One could say ‘fortunately,’ yet as you’ll see in our report, we are continuing to see worrying examples of cybercrooks rapidly abusing trending vulnerabilities and configuration flaws with a focus on achieving high returns on investment,” comments Roman Kováč, Chief Research Officer at ESET. These include continued abuse of the remote desktop protocol (RDP), which remains the number one target of brute-force attacks, increased numbers of cryptocurrency threats, and a steep increase in Android banking malware detections.

The featured story of the report recounts ESET Research’s analysis of a vulnerability chain that allows an attacker to take over any reachable Exchange server. The attack has become a global crisis, and ESET researchers identified more than 10 different threat actors or groups that likely leveraged this vulnerability chain.

The exclusive research presented in the T1 2021 Threat Report brings several updates and new findings about the APT groups Turla and Lazarus. It also includes information about a malicious iOS tweak, an application that leverages runtime patching to change program behavior, which is used to execute shell commands on jailbroken and compromised iOS devices.

The ESET T1 2021 Threat Report also reviews the most important findings and achievements by ESET researchers. Among many other findings, including an ongoing series investigating Latin American banking trojans, ESET researchers uncovered the Kobalos malware, which attacks high-performance computer clusters and other high-profile targets; Operation Spalax, which targets Colombian government organizations and private entities; a highly targeted supply-chain attack that focused on online gaming in Asia; and a new Lazarus backdoor that was used to attack a freight logistics company in South Africa.

Besides these findings, the report also recapitulates the many virtual talks held by ESET research specialists in T1, introduces talks planned for the upcoming months, and provides an overview of ESET’s participation in the MITRE ATT&CK® Evaluations that emulated the Carbanak and FIN7 adversary groups.

For more information, check out our ESET Threat Report T1 2021 on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, points of sale, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum, which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.