Skip to content

ESET Threat Report T2 2022: RDP attacks see further drop; ransomware loses war-related messaging

  • Following a sharp decline observed in T1 2022, the total number of RDP attack attempts declined by a further 89%; the likely reasons for the decline are post-COVID return to offices, improved security, and the Russia-Ukraine war.
  • Politically motivated ransomware declined; operators turned their attention from Russia back to their usual targets such as the United States, China, and Israel.
  • Emotet continued to be active, with detections seen mainly in Japan and Italy; according to ESET telemetry, its operators took time off in August.
  • ESET phishing feeds showed a sixfold increase in shipping-themed phishing URLs, with the most commonly impersonated brands being USPS and DHL.
  • Web skimmer known as Magecart constituted three-fourths of all banking malware detections, leaving far behind the rest of the malware strains in the category.
  • Cryptocurrency threats went down along with the price of bitcoin; however, the previously declining category of Cryptostealers grew by almost 50%.

BRATISLAVA — October 5, 2022 — ESET released today its T2 2022 Threat Report, summarizing key statistics from ESET detection systems, and highlighting notable examples of ESET’s cybersecurity research. The latest issue of the ESET Threat Report (covering May to August 2022) sheds light on the changes in ideologically motivated ransomware, Emotet activity, the most-used phishing lures, how the plummeting cryptocurrency exchange rates affected online threats, and the continuation of the sharp decline of Remote Desktop Protocol (RDP) attacks. ESET analysts think these attacks continued to lose their steam due to the Russia-Ukraine war, along with the post-COVID return to offices and overall improved security of corporate environments.

Even with declining numbers, Russian IP addresses continued to be responsible for the largest portion of RDP attacks. “In T1 2022, Russia was also the country that was most targeted by ransomware, with some of the attacks being politically or ideologically motivated by the war. However, ESET Threat Report T2 2022 shows that this hacktivism wave has declined in T2, and ransomware operators turned their attention towards the United States, China, and Israel,” explains Roman Kováč, Chief Research Officer at ESET.

According to ESET telemetry, August was a vacation month for the operators of Emotet, the most influential downloader strain. The gang behind it also adapted to Microsoft’s decision to disable VBA macros in documents originating from the internet and focused on campaigns based on weaponized Microsoft Office files and LNK files.

The report also examines threats mostly impacting home users. ESET phishing feeds showed a sixfold increase in shipping-themed phishing lures, most of the time presenting the victims with fake DHL and USPS requests to verify shipping addresses. “In terms of threats directly affecting virtual and physical currencies, a web skimmer known as Magecart remains the leading threat going after online shoppers’ credit card details. We also saw a twofold increase in cryptocurrency-themed phishing lures and a rising number of cryptostealers,” explains Kováč.

The ESET T2 2022 Threat Report also reviews the most important findings and achievements by ESET researchers. They uncovered a previously unknown macOS backdoor, and later attributed it to ScarCruft, discovered an updated version of the Sandworm APT group’s ArguePatch malware loader, uncovered Lazarus payloads in trojanized apps, and analyzed an instance of the Lazarus Operation In(ter)ception campaign targeting macOS devices while spearphishing in crypto-waters. ESET researchers also discovered buffer overflow vulnerabilities in Lenovo UEFI firmware and a new campaign using a fake Salesforce update as a lure.

Besides these findings, the report also summarizes the many talks given by ESET researchers in recent months, and introduces talks planned for AVAR, Ekoparty, and many other conferences. For more information, check out ESET Threat Report T2 2022 on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

CyberLink’s FaceMe Security Bundled with ASUS Mini PCs: Partnership delivers a lightweight turnkey security control solution designed for at-home and small business use

ASUS Mini PCs with pre-installed FaceMe Security offers a lightweight yet capable smart security control solution. The collaboration gives at-home and small business owners facial recognition security access control.

TAIPEI, TAIWAN – October 04, 2022 – CyberLink, a leader in AI facial recognition technology, recently announced their partnership with ASUS to pre-install its FaceMe Security solution on the ASUS Mini PC PN63-S1 and ExpertCenter PN64 series Mini PCs for businesses. These users will have access to the world’s leading facial recognition engine on their ASUS Mini PCs, and have the option of using facial recognition access control systems ideal for everyday home and small business use.

In the past, facial recognition security controls were mostly designed for larger businesses or enterprises, relying on GPU computing and dedicated servers, with considerable space and power requirements. With the integration of FaceMe Security, the everyday home computer user and small business owner has access to the same level of security, but without the heavy equipment.

ASUS Mini PCs combine a lightweight, powerful computing performance with a low power consumption. These compact PCs can be hooked up to a monitor or desktop without taking up much space, making them suitable for deploying security control equipment in confined spaces on any screen size. ASUS Mini PC PN63-S1 and ExpertCenter PN64 series Mini PCs also use the latest Intel® Core™ processors, leveraging the excellent display performance of Intel® Iris® Xe iGPUs to accelerate facial recognition processing. Through its multiple-I/O connections, an ASUS Mini PC can monitor 3-4 cameras at the same time, and monitor through traffic of up to 1,530 people per hour.

CyberLink’s FaceMe Security leverages the world’s most accurate face recognition engine, which can quickly and accurately verify an individual’s identity to implement security control and access control management.

“We have seen a widespread demand for facial recognition driven access control in both office and residential environments,” said Dr. Jau Huang, Chairman and CEO of CyberLink, “The cooperation between CyberLink and ASUS satisfies users’ desire for accurate facial recognition-based security. Moreover, the combination of the processing power and compactness of ASUS Mini PCs means our collaborative solution is easy to deploy in a wide range of environments. Thanks to this partnership with ASUS and others, we see CyberLink’s facial recognition technology continuing to expand and innovate in the smart security market.”

For more FaceMe Security information, please visit: 
https://version-2.com.sg/cyberlink-face-me/

For more ASUS Mini PC product information, please visit :

PN63-S1: https://www.asus.com/Displays-Desktops/Mini-PCs/PN-series/Mini-PC-PN63-S1/

PN64: https://www.asus.com/Displays-Desktops/Mini-PCs/PN-series/ASUS-ExpertCenter-PN64/

Why ASUS Mini PC : https://www.asus.com/content/why-ASUS-Mini-PC/

About ASUS
ASUS is a global technology leader that provides the world’s most innovative and intuitive devices, components and solutions to deliver incredible experiences that enhance the lives of people everywhere. With its team of 5,000 in-house R&D experts, ASUS is world-renowned for continuously reimagining today’s technologies for tomorrow, garners more than 11 awards every day for quality, innovation and design, and is ranked among Fortune’s World’s Most Admired Companies.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About CyberLink
Founded in 1996, CyberLink Corp. (5203.TW) is the world leader in multimedia software and AI facial recognition technology. CyberLink addresses the demands of consumer, commercial and education markets through a wide range of solutions, covering digital content creation, multimedia playback, video conferencing, live casting, mobile applications and AI facial recognition.  CyberLink has shipped several hundred million copies of its multimedia software and apps, including the award-winning PowerDirector, PhotoDirector, and PowerDVD.  With years of research in the fields of artificial intelligence and facial recognition, CyberLink has developed the FaceMe® Facial Recognition Engine. Powered by deep learning algorithms, FaceMe® delivers the reliable, high-precision, and real-time facial recognition that is critical to AIoT applications such as smart retail, smart security, and surveillance, smart city and smart home. For more information about CyberLink, please visit the official website at www.cyberlink.com