BRATISLAVA – ESET released today its T2 2021 Threat Report, summarizing key statistics from ESET detection systems and highlighting notable examples of ESET’s cybersecurity research, including exclusive, previously unpublished updates on current threats. The latest issue of the ESET Threat Report highlights several concerning trends that were recorded by ESET telemetry, including increasingly aggressive ransomware tactics, intensifying brute-force attacks, and deceptive phishing campaigns targeting people working from home who have gotten used to performing many administrative tasks remotely.

Ransomware, showing three major detection spikes during T2, saw the largest ransom demands to date. The attack shutting down the operations of Colonial Pipeline – the largest pipeline company in the US – and the supply-chain attack leveraging a vulnerability in the Kaseya VSA IT management software, sent shockwaves that were felt far beyond the cybersecurity industry. Both cases appeared to pursue financial gain rather than cyberespionage, with the perpetrators of the Kaseya attack setting a USD 70 million ultimatum – the heftiest known ransom demand so far.

“Ransomware gangs may have overdone it this time: the involvement of law enforcement in these high-impact incidents forced several gangs to leave the field. The same can’t be said for TrickBot, which appears to have bounced back from last year’s disruption efforts, doubling in our detections and boasting new features,” explains Roman Kováč, chief research officer at ESET. On the other hand, the final shutdown of Emotet at the end of April 2021 saw downloader detections down by half compared to T1 2021 and a reshuffling of the whole threat landscape.

Password-guessing attacks, which often serve as a gateway for ransomware, saw further growth in T2. Between May and August 2021, ESET detected 55 billion new brute-force attacks (+104% compared to T1 2021) against public-facing Remote Desktop Protocol services. ESET telemetry also saw an impressive increase in the average number of daily attacks per unique client, which doubled from 1,392 attempts per machine per day in T1 2021 to 2,756 in T2 2021.

The exclusive research presented in the T2 2021 Threat Report includes findings about the highly targeted DevilsTongue spyware, which is used to spy on human rights defenders, dissidents, journalists, activists, and politicians; and a new spear phishing campaign by the Dukes APT group, which remains a prime threat to Western diplomats, NGOs, and think tanks. A separate section describes new tools employed by the highly active Gamaredon threat group targeting governmental organizations in Ukraine.

The ESET T2 2021 Threat Report also reviews the most important findings and achievements by ESET researchers: a new cross-platform APT group targeting both Windows and Linux systems; a myriad of security issues in Android stalkerware apps; and a diverse class of malware targeting IIS servers, highlighted in the Featured story section.

Finally, the report offers an overview of several talks given by ESET researchers and experts during the past few months and introduces talks planned for Virus Bulletin, AVAR, SecTor, and many other conferences. It also provides a general outlook of ESET’s participation in the MITRE Engenuity ATT&CK® evaluation, which will focus on tactics, techniques and procedures applied by the Wizard Spider and Sandworm APT groups. ESET’s outstanding visibility into both adversary groups’ behaviors could have a significant positive impact on ESET’s results in this evaluation.

For more information, check out our ESET Threat Report T2 2021 on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

The steady stream of news about ransomware attacks, phishing emails and identity theft can feel overwhelming. That’s why the goal of October’s Cybersecurity Awareness Month is to empower every American with the tools and knowledge necessary to stay safer online.

This annual event, now in its 18th year, has shifted focus over the years from offering basic internet safety tips—like keeping your software updated—to providing a vast range of educational resources for individuals, families, schools and businesses.

Sponsored by The National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Security Agency (CISA), the campaign’s stated purpose is to “raise awareness about the importance of cybersecurity across our nation, ensuring that all Americans have the resources they need to be safer and more secure online.”

As the NCSA notes, “In these tech-fueled times, our homes, societal well-being, economic prosperity and nation’s security are impacted by the internet.”

This year’s theme, “Do Your Part. Be #CyberSmart,” emphasizes the role of personal accountability and proactive behavior.

Whether it’s using strong passwords to protect your online data, investing in internet security to block the spread of malware, or simply thinking twice before clicking on a link, your actions make a difference. After all, the Colonial pipeline attack that shut down the biggest fuel pipeline in the U.S.—leading to shortages across the East Coast—was the result of a single compromised password.

By following the security best practices provided by the campaign, as well as sharing them with friends, colleagues and family, you can make our interconnected world a safer place.

Each week in October will focus on a specific area, beginning with newbie basics like creating powerful passwords, using two-factor authentication and backing up your data.

Consecutive weeks will cover how to recognize and avoid phishing attacks; explore the burgeoning field of careers in cybersecurity; and illustrate how the actions we take today can affect the future of IT security.

ESET’s activities during Cybersecurity Awareness Month include a contest with prizes, a ransomware webinar and free cybersecurity awareness training.

You can access free resources like tip sheets, videos and infographics, including materials for K-12, small businesses, and government organizations, from the National Cybersecurity Alliance at https://staysafeonline.org/resources-library/.

Just like our homes, our digital devices hold invaluable data and private information. And in a time when the threat of cyber-attacks is greater than ever, a computer device without any malware protection is the digital world equivalent of an unlocked front door. Moreover, the digital realm is now hosting the highest number of recorded users ever. Coupled with the fact that new malicious threats are emerging every day, the need to secure your personal and professional devices has reached an all-time high.

However, with a plethora of security options to choose from, it’s enough to give anybody a head spin. But don’t worry, we’re here to make your entry to the vast unknown world of cybersecurity a lot easier. We’ve put together the top 7 questions you need to be asking before you click the download button.

Q1. How well does it perform against malicious threats?
When it comes to picking the right antivirus software for your device it’s crucial that you consider its overall performance against malicious threats saturating the web. Your security suite must be able to give you complete protection against all types of malware. Such threats include trojans, spyware, adware, rootkits, ransomware, and malicious bots that seek to infect your computer for nefarious purposes. And in the process of detecting and eliminating these threats, it’s important you pick a security suite that doesn’t give off false or incorrect detections. This means it has to be 100% effective when blocking any type of malware, known or unknown.

Moreover, with new malware threats emerging every single day, it’s also key that your antivirus stays up-to-date about new viruses and their digital fingerprints. So if you want absolute stress-free protection for your device, choose an antivirus that regularly updates its virus and malware definitions. This applies whether you’re in a home environment or an office setting.

Another vital factor is proactivity. Regardless of what operating system (OS) you use, macOS or Windows, having a proactive security suite is much more beneficial, as compared to having a reactive one. In cases where malware stealthily penetrates your device, your proactive security system will automatically detect, detain, and remove the malware before it even rears its head. This is in stark contrast to reactive antivirus systems, which only start taking action after the malware infection has already started spreading across your device.

Q2. Is it a free or paid antivirus software?
Free and light antivirus software will zap away common viruses and provide your device with basic protection. However, that shouldn’t be your only requirement because it won’t be able to defend your devices against new and ever-growing sophisticated threats. Downloading a light/free version may leave plenty of holes in your defense, and you’ll still be vulnerable to malicious attacks. Moreover, they tend to be much more reactive in nature.

In contrast, a paid antivirus solution plugs these holes and gives you more all-around protection. Paid antivirus software is also more reliable in combating dangerous apps and new malware threats, by shutting them down before they sprout. This is due to their proactive capabilities and updated defense systems. With a paid antivirus, you’ll enjoy advanced protection as compared to the limited security from free options.

There certainly are antivirus software providers that allow you free use of their full versions, albeit for a limited time. This, we think, is a great idea because you get complete access to an uncompromised version of the software and are afforded the ability to try before you commit to a purchase.

Q3. Does it have an impressive reputation?
One of the crucial factors that determine reliable antivirus software is reputation. So it’s essential that you subscribe to one with a proven track record. An anti-malware software that is tried and tested. Take a look at those with the best reviews surrounding your needs. We also suggest looking at test results published by independent and authoritative antivirus labs. These are autonomous quality-testing labs that independently assess antivirus and cybersecurity software in the market to evaluate their overall performance.

Recently, Germany’s reputed AV-TEST institute conducted an independent test on the ESET antivirus software. And the test results were nothing short of remarkable. ESET secured a perfect 100% score across all 3 major categories – Protection, Performance, and Usability. This means that researchers found that ESET’s security suite was able to protect its devices with 100% accuracy.

And although the score is quite impressive, this isn’t the first time ESET has scored so well. ESET has been consistently scoring top scores in independent tests run by some of the top independent labs in the industry for years now. This has established ESET as one of the best providers around when it comes to digital security. And it’s also one of the reasons why ESET has been chosen by more than a hundred and ten million users worldwide, and has become the leading antivirus software in Europe.

Q4. Will it be light on my system?
The best form of security is invisible and discreet. And if you’re somebody who enjoys spending a lot of time browsing the web, you want an antivirus solution that gives your devices full protection without constantly letting you know about its presence. You want a security suite that allows you to sail through the internet smoothly without impeding the overall performance of the computer. Many anti-malware software cause devices to lag since they demand high CPU usage. So it’s best for you to choose an antivirus software that’s very light on system resources, consumes minimal processing power, and doesn’t slow your computer down. This helps shield you from the ever-lurking malicious threats on the internet without compromising on your user experience.

Compared to all the other major security products, ESET’s home products famously have little impact on device usage, with a very light system footprint. This means that the ESET anti-malware scanning is so lightweight that you won’t even notice it running in the background.

Q5. Does it provide practical features?
Who doesn’t like cool features? When you’re thinking about installing a security software, you want it to be as all-encompassing as possible. Therefore, it’s smart to look for vendors that pack their systems with useful additional features that cover your security needs outside malware threats.

For example, ESET offers an anti-theft feature. This allows you to precisely locate your device if it ever gets stolen. It even allows you to send one-way messages and access your laptop’s webcam. Additional features also include a password manager that helps you generate strong, secure passwords and guards your login credentials. It also provides parental control which lets you regulate your children’s internet usage. Although most additional features only come with paid antivirus systems, getting complete security protection at the expense of a few dollars is always worth the spend.

Q6. Is the antivirus software easy to use?
It’s safe to say we all prefer systems and programs that are simple and easy to use. Especially when you’re on the lookout for software that’s going to oversee the entire security of your personal or professional device. It has to have a user-friendly look and feel to it. Everybody has their own set of preferences and tastes. And for many of us, the user interface and design scheme have to be coherent and clear, regardless of how good its malware detection and removal scores are.

Moreover, many users install and accept default installation antivirus software settings without ever optimizing them. This may be due to the visual inaccessibility the user feels. Many security providers seem to struggle with this. Often their complicated interfaces discourage users from disabling and enabling certain functions. This may eventually leave the device susceptible to malware attacks. So looking for an anti-malware system that allows easy navigation with high configurability may prove to be an important factor to consider.

We offer a solution that strikes a fine balance between these two requirements. The options and features in our security suite are all displayed in a way that feels intuitive and effortless to operate. It’s also highly customizable as it allows you to tailor your security level based on your liking and preferences. Overall, this gives you the total control and understanding needed for your to enjoy the highest possible security.

Q7. Does it offer good customer support?
Customer support isn’t on everybody’s priority list, especially if they’re comfortable using computers. But in case you prefer allowing experts to handle your tech issues, comprehensive customer support may be an important factor for you to consider. In which case it’s best that you look for antivirus software that offers top-notch customer support. There are some that provide in-depth assistance when users get stuck in a malware crisis.

With ESET, you get in-depth support from a set of comprehensive online support guides and videos in case you face any technical issues. Moreover, ESET offers immediate assistance by leveraging on AI, via a chatbot and swift email-based support. That way you can ask for all the assistance you require through your most preferred medium.

Final Verdict: Is free antivirus software worth the risks it brings?
Even though a free or light antivirus software might appear appealing, it’s not recommended you opt for one. With its unreliability when it comes to heavy threats, inability to detect sophisticated/unknown malware, lack of features and comprehensive technical support, downloading a free version won’t give you plenty of benefits or protection. Instead, you may want to consider an antivirus that offers a free, full-featured trial.

A free trial provides you with all-round complete threat protection along with all the additional features of the paid version at the expense of absolutely nothing. This allows you to fully experience the antivirus software before you purchase it and make sure that it’s suitable for you. Try to actively seek free trials that give you a full glance of what they’re offering over those with limited features. After all, a high level of transparency is often a clear indicator of a superior product.

ESET is one such award-winning defense system that offers a free trial where you get to enjoy all the features and attributes of the paid version, completely free. And the best part is you’ll receive the free trial without even filling in your credit card details – this is important because you don’t want the software that’s meant to protect you sneaking in a charge on your credit card!

If you’re someone who likes to spend time freely browsing the internet, or someone who enjoys going on online shopping sprees, or have children constantly occupying your devices, spending a few dollars a month will rid you of many troubles and worries. Most importantly, you’ll be getting the comfort and peace of mind that comes with top-notch security.

FamousSparrow exploited the Microsoft Exchange vulnerability chain known from March 2021

BRATISLAVA, MONTREAL — ESET researchers have uncovered a new cyberespionage group attacking mainly hotels worldwide but also governments, international organizations, engineering companies and law firms. ESET has named this group FamousSparrow and believes it has been active since at least 2019. FamousSparrow’s victims are located in Europe (France, Lithuania, the UK), the Middle East (Israel, Saudi Arabia), the Americas (Brazil, Canada, Guatemala), Asia (Taiwan) and Africa (Burkina Faso). The targeting suggests that FamousSparrow’s intent is cyberespionage.

Reviewing telemetry data during its investigation, ESET Research discovered that FamousSparrow leveraged the Microsoft Exchange vulnerabilities known as ProxyLogon that ESET reported on in March 2021. This remote code execution vulnerability chain was used by more than 10 APT groups to take over Exchange email servers worldwide.

According to ESET telemetry, FamousSparrow started to exploit the vulnerabilities on March 3, 2021, the day following the release of the patches, meaning it is yet another APT group that had access to the details of the ProxyLogon vulnerability chain in March 2021. “This is another reminder that it is critical to patch internet-facing applications quickly, or, if quick patching is not possible, to not expose them to the internet at all,” advises Matthieu Faou, ESET researcher who uncovered FamousSparrow along with his colleague Tahseen Bin Taj.

“FamousSparrow is currently the only user of a custom backdoor that we discovered in the investigation and called SparrowDoor. The group also uses two custom versions of Mimikatz. The presence of any of these custom malicious tools could be used to connect incidents to FamousSparrow,” explains ESET researcher Tahseen Bin Taj.

Although ESET Research considers FamousSparrow to be a separate entity, there are some connections to other known APT groups. In one case, the attackers deployed a variant of Motnug, a loader used by SparklingGoblin. In another case, a machine compromised by FamousSparrow was also running Metasploit with cdn.kkxx888666[.]com as its command and control server, a domain related to a group known as DRDControl.

For more technical details about FamousSparrow, read the blogpost “FamousSparrow: A suspicious hotel guest” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

 Geographic distribution of FamousSparrow targets