Mária Trnková named Chief Marketing Officer, will lead a newly formed division at ESET

BRATISLAVA — June 1, 2023 —  ESET, a global leader in cybersecurity, is proud to announce the establishment of its new Marketing, Communication, and Digital Business division, appointing Mária Trnková as Chief Marketing Officer. This strategic move, effective June 1, 2023, reflects ESET’s commitment to innovation, enhancing partner and customer experiences, and strengthening its brand presence in the market.

Mária Trnková, previously Vice President for the Consumer and IoT Segment at ESET, brings on board experience with the creation and implementation of an effective data-driven strategy. Mária started her career at ESET in the autumn of 2016. Her journey began as the EMEA Territory Marketing Manager, where she collaborated closely with regional teams to shape effective marketing strategies. During her six-year tenure, Mária showcased exceptional leadership skills, progressively taking on more responsibility and driving impactful results. When she stepped into the position of Segment VP in October 2019, she moved into a role with interfaces across the entire organization. She also worked closely with the company’s management to ensure Consumer and IoT segment strategy definition and effective implementation.

In her new role as Chief Marketing Officer, Mária will spearhead the newly formed Marketing, Communication, and Digital Business division. This strategic division will enhance ESET’s marketing support across segments, fortify its brand position, and foster innovation through closer collaboration with technology and Environmental, Social, and Governance (ESG) teams. The key enabler for successful marketing implementation will be close cooperation with regional and local branches, ensuring delivery of the utmost value to customers.

“I am deeply honored to assume the role of Chief Marketing Officer at ESET. Throughout my journey with the company, I have witnessed the power of hard work and dedication in driving success. I am grateful to work in an inclusive environment where diverse perspectives thrive, fueling innovation and propelling ESET’s growth in the dynamic cybersecurity landscape. Together, we will continue to push boundaries and deliver exceptional solutions to our valued customers,” said Trnková.

Richard Marko, Chief Executive Officer of ESET, expressed his excitement about appointing Mária Trnková as Chief Marketing Officer. He stated, “At ESET, we continuously work on strengthening the position of our brand in the market through research and innovations, but also on improving our performance and finding the right solutions for our customers’ needs. Mária’s appointment as CMO represents a significant step forward for ESET as well as our commitment to keep incorporating equity, and inclusion into our company’s leadership. Her exceptional skills and dedication to driving innovation make her the perfect fit for this role, I wish her a lot of success.”

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

ESET tops the 2023 performance & malware protection tests for consumer products and receives Advanced+ awards

ESET stood out in the Malware Protection Test and the Performance Test conducted by one of the globe’s leading independent security testing organizations

BRATISLAVA — June 2, 2023 —  ESET, a global leader in cybersecurity, is proud to announce that its advanced multilayered security product ESET Internet Security has received the prestigious Advanced+ awards in the recent Malware Protection Test and Performance Test conducted by AV-Comparatives. This recognition highlights ESET’s exceptional performance and its commitment to safeguarding users against malware threats.

The Malware Protection Test evaluated a range of products from 16 vendors, including ESET Internet Security, through the execution of malicious files on the system. The test encompassed vectors such as network drives, USBs, and scenarios where malware existed on the disk. The comprehensive test set comprised 10,015 recent and prevalent malware samples, representing the real-world threats faced by users. ESET Internet Security achieved an outstanding 99.9% malware protection rate. Furthermore, the test report also included a false alarm test, which evaluated the quality of file detection capabilities of antivirus products. Notably, ESET Internet Security exhibited flawless performance with zero false alarms, reinforcing its reliability and demonstrating its ability to detect legitimate files and potential malware threats effectively.

In the latest Performance Test, both “Antivirus” and “Internet Security” consumer products underwent testing – both referred to as security products. The results demonstrate the impact on system performance that a security product has when compared to other tested security products from 16 vendors. The Performance Test comprises several assessments, and the results from these tests collaboratively shape the overall Impact Score. To test the product’s efficiency in using minimal resources, the performance impact across various routine operations, such as file copying, archiving, installing, launching applications, downloading files, and browsing websites, was assessed. The products were classified as Slow, Mediocre, Fast, and Very Fast based on the median results. In addition, the test also ran under the industry-recognized PC Mark benchmark, where the test machine, without any security software, was assigned a PC Mark score of 100 points. Particularly in the PC Mark assessment, ESET Internet Security claimed the top position with 98.4 points, highlighting the efficacy and overall performance of the solution in real-world use.

ESET Internet Security excelled in this rigorous assessment in both the Malware Protection and the Performance Tests. This remarkable score positioned ESET Internet Security among the top of all 16 vendors’ products. It showcased its commitment to delivering robust digital security solutions while fostering trust among consumers guided by AV-Comparatives’ test results.

“We have a deep commitment at ESET to continuously monitor the evolving security landscape and provide advanced solutions. ESET Internet Security, our best mobile multilayered protection against all types of malware threats, helps our modern users concerned about their privacy, who actively use the internet for shopping, banking, work, and communication. Thus, we are thrilled to receive the Advanced+ awards in the Malware Protection Test and the Performance Test by AV-Comparatives, one of the globe’s leading independent security testing organizations,” said Mária Trnková, Vice President of the Consumer and IoT Segment at ESET. “This achievement is a testament to our relentless pursuit of excellence in protecting our users with admirable solutions based on the continuous development of our core ESET technologies. We remain committed to delivering security solutions that provide the highest level of protection without compromising on usability.”

ESET is a notable vendor in the endpoint security market, according to a report by an independent research firm

BRATISLAVA — May 26, 2023 —  ESET, a global leader in digital security, was included in Forrester’s The Endpoint Security Landscape, Q2 2023 report. The report provides an overview of 33 worldwide endpoint security vendors, amongst which ESET is recognized as a notable endpoint security provider based on product revenue. Landscape reports help Forrester clients become more educated about a market by defining current-state market maturity, detailing the top market dynamics and use cases, and providing a list of vendors or providers, which they might prioritize based on size, focus and geography.

As stated in the report, endpoint security solutions are the first and last line of defense for business users, protecting their devices from malware, detecting and responding to dangerous or malicious actions, and resolving incidents quickly and efficiently. Therefore, the critical importance of endpoint security is covered by this report, and by being included in it, ESET is acknowledged as a notable player in this mature market. Vendors in the report vary by size, geography, and use case, including five extended use cases of browser security, enhanced security measures, flexible reporting, mobile threat defense and unmanaged device protection. These are use cases that buyers look to address in addition to the core use cases (endpoint protection, incident resolution, device control). ESET is among those representative vendors with browser security, flexible reporting and mobile threat defense as extended use cases.

“At ESET, we closely monitor the security landscape we and our customers operate in. Based on our telemetry, we keep expanding our endpoint protection offering by adding new features. Our solutions are created with our customers in mind as we introduce options to compensate for our customers’ understaffed security teams, allowing the companies to focus on their operations and what really matters to them,” said Jakub Debski, Chief Product Officer at ESET. “We are very proud to be included in Forrester’s report because, as a privately owned, tech-focused company, we have always taken a science-based, security-first approach to developing our solutions.”

The full report can be accessed via a subscription here.

ESET Research reveals new analysis of AceCryptor: used by crimeware, it hits computers 10,000 times every month

  • ESET researchers publish details about a prevalent cryptor malware, AceCryptor, which operates as a cryptor-as-a-service used by tens of malware families.
  • AceCryptor samples are very prevalent worldwide because multiple threat actors are actively using the cryptor malware to spread packed malware in their campaigns.
  • During 2021 and 2022, ESET protected more than 80,000 customers affected by malware packed by AceCryptor.
  • Altogether, there have been 240,000 detections, including the same sample detected at multiple computers, and one computer being protected multiple times by ESET software. This amounts to over 10,000 hits every month.
  • Among the malware families found that used AceCryptor, one of the most prevalent was RedLine Stealer – malware used to steal credit card credentials and sensitive data, upload and download files, and even steal cryptocurrency.
  • AceCryptor is heavily obfuscated and has multiple variants, and throughout the years, has incorporated many techniques to avoid detection.

BRATISLAVA — May 25, 2023 — ESET researchers revealed today details about a prevalent cryptor malware, AceCryptor, which operates as a cryptor-as-a-service used by tens of malware families. This threat has been around since 2016, and has been distributed worldwide, with multiple threat actors actively using it to spread packed malware in their campaigns. During 2021 and 2022, ESET telemetry detected over 240,000 detection hits of this malware, which amounts to over 10,000 hits every month. It is likely sold on dark web or underground forums, and tens of different malware families have used the services of this malware. Many rely on this cryptor as their main protection against static detections.

“For malware authors, protecting their creations against detection is challenging. Cryptors are the first layer of defense for malware that gets distributed. Even though threat actors can create and maintain their own custom cryptors, for crimeware threat actors, it often may be time-consuming or technically difficult to maintain their cryptor in a fully undetectable state. Demand for such protection has created multiple cryptor-as-a-service options that pack malware,” says ESET researcher Jakub Kaloč, who analyzed AceCryptor.

Among the malware families found that used AceCryptor, one of the most prevalent was RedLine Stealer – malware available for purchase on underground forums and used to steal credit card credentials and other sensitive data, upload and download files, and even steal cryptocurrency. RedLine Stealer was first seen in Q1 2022; distributors have used AceCryptor since then, and continue to do so. “Thus, being able to reliably detect AceCryptor not only helps us with visibility into new emerging threats, but also with monitoring the activities of threat actors,” explains Kaloč.

During 2021 and 2022, ESET protected more than 80,000 customers affected by malware packed by AceCryptor. Altogether, there have been 240,000 detections, including the same sample detected at multiple computers, and one computer being protected multiple times by ESET software. AceCryptor is heavily obfuscated and has incorporated many techniques to avoid detection throughout the years. “Even though we don’t know the exact pricing of this service, with this number of detections, we assume that the gains to the AceCryptor authors aren’t negligible,” theorizes Kaloč.

Because AceCryptor is used by multiple threat actors, malware packed by it is distributed in multiple ways. According to ESET telemetry, devices were exposed to AceCryptor-packed malware mainly via trojanized installers of pirated software, or spam emails containing malicious attachments. Another way someone may be exposed is via other malware that downloaded new malware protected by AceCryptor. An example is the Amadey botnet, which we have observed downloading an AceCryptor-packed RedLine Stealer.

Since many threat actors use the malware, anyone can be affected. Because of the diversity of packed malware, it is difficult to estimate how severe the consequences are for a compromised victim. AceCryptor may have been dropped by other malware, already running on a victim’s machine, or, if the victim got directly afflicted by, for example, opening a malicious email attachment, any malware inside might have downloaded additional malware; thus, many malware families may be present simultaneously. AceCryptor has multiple variants and currently uses a multistage, three-layer architecture.

Even though attribution of AceCryptor to a particular threat actor is not possible for now, ESET Research expects that AceCryptor will continue to be widely used. Closer monitoring will help prevent and discover new campaigns of malware families packed with this cryptor.

For more technical information about AceCryptor, check out the blogpost “Shedding light on AceCryptor and its operation” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

Heatmap of countries affected by AceCryptor according to ESET telemetry

Legitimate Android app iRecorder turns malicious within a year, spies on its users, ESET Research discovers

  • As a Google App Defense Alliance partner, ESET detected a trojanized app available on the Google Play Store and named the AhMyth-based malware it contained AhRat.
  • Initially, the iRecorder app did not have any harmful features. What is quite uncommon is that the application received an update containing malicious code quite a few months after its launch.
  • The application’s specific malicious behavior, which involves extracting microphone recordings and stealing files with specific extensions, potentially indicates its involvement in an espionage campaign.
  • The malicious app with over 50,000 downloads was removed from Google Play after ESET Research’s alert; ESET has not detected AhRat anywhere else in the wild.

BRATISLAVA, KOŠICE — May 23, 2023 — ESET researchers have discovered a trojanized Android app named iRecorder – Screen Recorder. It was available on Google Play as a legitimate app in September 2021, with malicious functionality most likely added in August 2022. During its existence, the app was installed on more than 50,000 devices. The malicious code that was added to the clean version of iRecorder is based on the open-source AhMyth Android RAT (remote access trojan) and has been customized into what ESET named AhRat. The malicious app is capable of recording audio using the device’s microphone and stealing files, suggesting it might be part of an espionage campaign.

Besides the Google Play Store, ESET Research has not detected AhRat anywhere else in the wild. However, this is not the first time that AhMyth-based Android malware has been available on the official store; ESET previously published research on such a trojanized app in 2019. Back then, the spyware, built on the foundations of AhMyth, circumvented Google’s app-vetting process twice, as a malicious app providing radio streaming. However, the iRecorder app can also be found on alternative and unofficial Android markets, and the developer also provides other applications on Google Play, but they don’t contain malicious code.

“The AhRat research case serves as a good example of how an initially legitimate application can transform into a malicious one, even after many months, spying on its users and compromising their privacy. While it is possible that the app developer had intended to build up a user base before compromising their Android devices through an update or that a malicious actor introduced this change in the app; so far, we have no evidence for either of these hypotheses,” explains ESET researcher Lukáš Štefanko, who discovered and investigated the threat.

The remotely controlled AhRat is a customization of the open-source AhMyth RAT, which means that the authors of the malicious app invested significant effort into understanding the code of both the app and the back end, ultimately adapting it to suit their own needs.

Aside from providing legitimate screen recording functionality, the malicious iRecorder can record surrounding audio from the device’s microphone and upload it to the attacker’s command and control server. It can also exfiltrate from the device files with extensions representing saved web pages, images, audio, video, and document files, and file formats used for compressing multiple files.

Android users who installed an earlier version of iRecorder (prior to version 1.3.8), which lacked any malicious features, would have unknowingly exposed their devices to AhRat if they subsequently updated the app either manually or automatically, even without granting any further app permission approval.

“Fortunately, preventive measures against such malicious actions have already been implemented in Android 11 and higher versions in the form of app hibernation. This feature effectively places apps that have been dormant for several months into a hibernation state, thereby resetting their runtime permissions and preventing malicious apps from functioning as intended. The malicious app was removed from Google Play after our alert, which confirms that the need for protection to be provided through multiple layers, such as ESET Mobile Security, remains essential for safeguarding devices against potential security breaches,” concludes Štefanko.

ESET Research has not yet found any concrete evidence that would enable the attribution of this activity to a particular campaign or APT group.

For more technical information about the malicious iRecorder app and AhRat, check out the blogpost “Android app breaking bad: From legitimate screen recording to file exfiltration within a year” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

“Starmus Earth: the future of our home planet” launched in an unprecedented simultaneous event in London and Bratislava

  • From climate change to the environmental crisis, AI ethics and genetic engineering, Starmus VII, in partnership with ESET, will sharpen its focus on the future of our home planet 
  • Bratislava, Slovakia, will host the seventh edition of Starmus in May 2024, raising awareness of Earth’s most urgent questions and science’s role in answering them
  • Starmus begins its countdown to Bratislava with parallel launch events in the host city and at the Royal Society in London, with a panel discussion featuring some of science’s greatest minds, including Dr Jane Goodall, DBE, Founder of the Jane Goodall Institute & UN Messenger of Peace, who also joins the Starmus Advisory Board

LONDON, BRATISLAVA — May 11, 2023 — Starmus, the global festival of science communication – and the brainchild of astrophysicist Garik Israelian, PhD, and Queen guitarist Sir Brian May, who also has a PhD in astrophysics – has announced it will turn its gaze from the stars to the future of planet Earth, taking its seventh edition to Bratislava in 2024.

Today, Sir Brian May and Dr. Garik Israelian announced the festival’s theme, ‘Starmus Earth: the future of our home planet,’ at a panel event at London’s Royal Society. They were joined by world-renowned ethologist and conservationist Dr. Jane Goodall, DBE, (who now joins the Starmus Advisory Board), cosmologist Sir Martin Rees and Global Governance Professor Mary Kaldor, who led a unique discussion, moderated by Dr. Israelian, on how to solve some of our planet’s most pressing challenges.

Microbiologist and Nobel Laureate Emmanuelle Charpentier joined the panel remotely from a parallel launch event on the river Danube in Bratislava, alongside iPod inventor Tony Fadell and Richard Marko, a cybersecurity expert and CEO of ESET, the festival’s lead partner.

“Starmus has traditionally focused on interrogating the mysteries of the universe, looking upwards to inspire and educate the next generation of explorers and regenerate the spirit of discovery, bringing art, music, and the world’s greatest scientific and artistic minds together to enhance science communication,” said Starmus co-founder Dr. Garik Israelian. “As the old saying goes, ‘Earth is a planet too!’ We are a privileged part of the cosmos, and as living beings, we are made of star stuff. The very atoms in our bodies were forged in the earliest days of the universe or in the deaths of low-mass and high-mass stars. Earth is in the universe, and just as much a part of it as the stars”.

“Climate change could eventually make life on Earth untenable, and we are seeing signs of that rapid evolution now. We must take steps to take care of our world, and Starmus offers an important voice that draws attention to the urgency,” said Dr. Jane Goodall.

In 2024, Starmus will turn its gaze closer to home and analyze how we can tackle the challenges that most threaten Earth’s future, from the threats facing our environment and climate to far-reaching technologies like artificial intelligence, genetic engineering, and cybersecurity – as well as the humanitarian crises caused by armed conflict around the world.

“Since 2011, STARMUS conferences have assembled scientists and artists to look outwards at the Space around us with clear eyes, to celebrate the wonders of the Universe. This year, more than ever, aware of the current threat of the extinction of life in the Biosphere, for the first time, STARMUS focuses inward on our home planet. By bringing together many of the greatest and most free-thinking brains from all countries, we will try to find new answers to the questions we must now ask, to save the life of Planet Earth,” said Sir Brian May, legendary Queen guitarist and Starmus co-founder and Advisory Board member.

This year, Starmus is partnering with ESET – a global cybersecurity company headquartered in Bratislava – to inspire young people in Slovakia and around the world to take responsibility and contribute to the future of our planet, using scientific research and state-of-the-art technology.  

“ESET’s role is to deliver state-of-the-art technology and innovation that protects societal progress. We believe this progress is brought about by science,” said Richard Marko, CEO of ESET. “We are proud to partner with Starmus to join its efforts in inspiring new generations of scientists and those who appreciate its values.”

Starmus Earth will welcome world-class scientists, artists, and environmentalists to share breakthrough discoveries, debate the big questions and inspire new generations of scientists, technologists, and activists. The Starmus Advisory Board will announce the full line-up of scientists, artists, and musicians later this year, but some of the 40+ confirmed speakers at Starmus Earth include astronaut and Apollo 16 moonwalker Charlie Duke, former president of Ireland Mary Robinson, physicist Donna Strickland, and the legendary American science television presenter Bill Nye. (full list on www.starmus.com)

The festival, as in previous editions, will also award the Stephen Hawking Medal for Science Communication across four categories: Music & Arts, Science Writing, Films & Entertainment, and Lifetime Achievement.

In addition to launching its seventh edition, Starmus also released previously unseen live music performances from past iterations of the festival: “Who Wants to Live Forever?” from Starmus V, performed by Sir Brian May, Hans Zimmer, Vittorio Grigolo, Steve Vai and Rick Wakeman with the Luzern Symphony Orchestra; and “Smoke on the Water” from Starmus VI, featuring Sir Brian May,  Jeff Scott Soto, Derek Sherinian, Simon Phillips, Ric Fierabracci and Ron “Bumblefoot” Thal.

Next year’s festival will be the first Starmus since September 2022, when it was held in Yerevan, Armenia, and celebrated 50 years of mankind’s exploration of Mars. Previous incarnations of Starmus have seen the festival travel to Zurich, Switzerland; Trondheim, Norway; and Spain’s Canary Islands.

Tickets for Starmus Earth, held in Bratislava from 12-17 May 2024, will go on sale in October. For more information, visit Starmus.com.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

ESET APT Activity Report: Attacks by China-, North Korea-, and Iran-aligned threat actors; Russia eyes Ukraine and the EU

  • ESET has released its APT Activity Report covering Q4 2022 and Q1 2023, which summarizes the activities of selected advanced persistent threat (APT) groups.
  • China-aligned threat actors Ke3chang and Mustang Panda focused on European organizations.
  • North Korea-aligned groups continued to focus on South Korean and South Korea-related entities.
  • Lazarus targeted employees of a defense contractor in Poland with a fake Boeing-themed job offer and also shifted its focus from its usual target verticals to a data management company in India.
  • Similarities with the newly discovered Linux malware by Lazarus corroborate the theory that the infamous North Korea–aligned group is behind the 3CX supply-chain attack.
  • Russia-aligned APT groups were especially active in Ukraine and EU countries.
  • Sandworm deployed wipers (including a new one we call SwiftSlicer).
  • Intelligence shared in the report is based mostly on proprietary ESET telemetry data and has been verified by ESET researchers.

BRATISLAVA — May 9, 2023 — ESET has released its APT Activity Report, which summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from October 2022 until the end of March 2023. The report is being published on a semi-annual basis. During this period, several China-aligned threat actors such as Ke3chang and Mustang Panda focused on European organizations. In Israel, Iran-aligned group OilRig deployed a new custom backdoor. North Korea-aligned groups continued to focus on South Korean and South Korea-related entities. Russia-aligned APT groups were especially active in Ukraine and EU countries, with Sandworm deploying wipers.

Malicious activities described in the ESET APT Activity Report are detected by ESET technology. “ESET products protect our customers’ systems from the malicious activities described in this report. The intelligence shared here is based mostly on proprietary ESET telemetry data and has been verified by ESET researchers,” says Director of ESET Threat Research Jean-Ian Boutin.

China-aligned Ke3chang employed tactics such as the deployment of a new Ketrican variant, and Mustang Panda used two new backdoors. MirrorFace targeted Japan and implemented new malware delivery approaches, while Operation ChattyGoblin compromised a gambling company in the Philippines by targeting its support agents. India-aligned groups SideWinder and Donot Team continued to target governmental institutions in South Asia with the former targeting the education sector in China, and the latter continuing to develop its infamous yty framework, but also deploying the commercially available Remcos RAT. Also in South Asia, ESET Research detected a high number of Zimbra webmail phishing attempts.

In addition to targeting the employees of a defense contractor in Poland with a fake Boeing-themed job offer, North Korea-aligned group Lazarus also shifted its focus from its usual target verticals to a data management company in India, utilizing an Accenture-themed lure. ESET also identified a piece of Linux malware being leveraged in one of their campaigns. Similarities with this newly discovered malware corroborate the theory that the infamous North Korea–aligned group is behind the 3CX supply-chain attack.

Russia-aligned APT groups were especially active in Ukraine and EU countries, with Sandworm deploying wipers (including a new one ESET calls SwiftSlicer), and Gamaredon, Sednit, and the Dukes utilizing spearphishing emails that, in the case of the Dukes, led to the execution of a red team implant known as Brute Ratel. Finally, ESET detected that the previously mentioned Zimbra email platform was also exploited by Winter Vivern, a group particularly active in Europe, and researchers noted a significant drop in the activity of SturgeonPhisher, a group targeting government staff of Central Asian countries with spearphishing emails, leading to our belief that the group is currently retooling.

For more technical information, check the full “ESET APT Activity Report” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

ESET APT Activity Reports contain only a fraction of the cybersecurity intelligence data provided to customers of ESET’s private APT reports. ESET researchers prepare in-depth technical reports and frequent activity updates detailing activities of specific APT groups in the form of ESET APT Reports PREMIUM to help organizations tasked with protecting citizens, critical national infrastructure, and high-value assets from criminal and nation-state-directed cyberattacks. Comprehensive descriptions of activities described in this document were therefore previously provided exclusively to our premium customers. More information about ESET APT Reports PREMIUM that deliver high-quality strategic, actionable, and tactical cybersecurity threat intelligence is available at the ESET Threat Intelligence page.

Traveling your Zero Trust journey with ESET

Zero Trust seeks to transform how we secure business processes but not to the detriment of people 

In one sense, preaching under the banner of “Zero Trust” can feel misleading because if you don’t really trust anyone, you had better close up shop. Can you run a business if you can’t trust your employees, at least to some degree? If that banner were to read “Zero Unverified Trust”, that would explain itself much better, even if it is a less catchy phrase, because it clearly denotes that trust should be verified.

Traditionally, trust was granted rather freely to employees within the perimeter of a business’s network. With the revelation of international hacking attempts and incidents like the Morris worm in the 1980s, IT administrators were strongly reminded about the need to lock down access at their network perimeters. However, cloud infrastructure became increasingly popular in subsequent decades, blurring the concept of a perimeter and making a perimeter-only security approach increasingly unfitting.

The concept of Zero Trust originated in 2009 when Forrester pointed out the need for a better approach to handling trust and, thus, for a new security model to replace the traditional perimeter-based approach. Despite the unqualified use of the term “zero”, the goal of the Zero Trust model is not to revoke all trust, but to consider more carefully when to give trust, and then monitor the trust that is given, along with the time and resources given it.

Challenges to implementing Zero Trust

The main contribution of the Zero Trust model is its call to verify and constantly reevaluate the trust given. To achieve this, at least two challenges must be addressed.

First, trust controls may fail to account for employees’ workflows fully or cause frustration if employees or clients feel they deserve more trust. Trust is complex because human behavior is complex, the tools used are varied, and business processes, resources, and staff can change frequently or unexpectedly.
For trust policies not to cause disruption, IT admins need to tailor them to the business’s processes, test them before deployment, and monitor them assiduously. This will require the IT staff to understand the business better.

Second, the business may lack the budget to invest in technologies that help enforce, monitor, and reevaluate the trust assigned. But even if the budget is lacking, there’s a good chance that existing tools and resources can be repurposed à la Zero Trust.

For example, IT admins can increase the collection of logs about user activity and access to company resources, analyze the logs to understand normal patterns and spot anomalies, or fine-tune the permissions and configurations in existing tools. Even if you have already taken these steps, you can do them again with a Zero Trust vision in mind – thinking about how to grant trust only to specific resources and for a specified time, and, as much as possible, how to monitor that trust once given. This should lead to different practical outcomes that can improve the business’s security posture.

Supporting your Zero Trust journey

ESET’s security technologies can support organizations from small businesses to large enterprises on their road to Zero Trust. An easy way to depict the comprehensiveness of the support we provide is with the following pyramid:

The pyramid sits on a bedrock layer made up of the ESET PROTECT Platform and Support Services. ESET PROTECT consists of various slices from ESET’s suite of protective technologies depicted in the pyramid’s layers above. Support services make ESET’s experts available to your staff to help ensure the best configuration of ESET products for your particular security needs and environment.

Using a pyramid can help to visualize your level of investment into technologies that support Zero Trust. Roughly speaking, the technologies at a higher layer either build on or extend the protection of those at a lower layer. Let’s quickly go through the layers from bottom to top.

The lowest layer contains technologies indispensable for business security, like endpoint protection; therefore, we characterize this as essential protection. At the extended protection layer, we find technologies to help address specific business security needs or fend off advanced threats.

Detection and response, the next layer up, is a game changer because it flips a business’s security posture from reactive to proactive. With ESET’s detection and response tool – ESET Inspect – deployed, security defenders are empowered to monitor and investigate low-level events happening on endpoints in their network.

Finally, the pyramidion at the peak of the pyramid, called threat intelligence, contains threat data feeds and advanced persistent threat (APT) reports. These reports are chock-full of research and technical analysis of new threats, available by subscription only.

In short, the pyramid above lays out some of the technologies that should accompany an organization’s Zero Trust journey. Of course, every company has its own needs fueled by local regulations, the nature of the business, the available IT security budget, and the current state of its IT infrastructure – meaning that your investment in the ESET PROTECT platform serves as no more than a rough guide on what is necessarily a bespoke security journey. What the ESET PROTECT offering does make clear is that it can be a reliable partner at multiple stages of this journey.

ESET Research: Chinese-speaking Evasive Panda group spreads malware via updates of legitimate apps and targets NGO in China

  • Users in mainland China at an international NGO were targeted with malware delivered through updates for software developed by Chinese companies.
  • With high confidence, we attribute this activity to the Chinese-speaking Evasive Panda APT group.
  • The backdoor MgBot is used for cyberespionage.

BRATISLAVA, MONTREAL — April 26, 2023 — ESET researchers have discovered a campaign conducted by the APT group known as Evasive Panda, in which update channels of legitimate Chinese applications were hijacked to also deliver the installer for the MgBot malware, Evasive Panda’s flagship cyberespionage backdoor. Chinese users were the focus of this malicious activity, which ESET telemetry shows started in 2020. The targeted users were located in the Gansu, Guangdong, and Jiangsu provinces. The majority of the Chinese victims are members of an international non-governmental organization (NGO).

In January 2022, ESET Research discovered that while performing updates, a legitimate Chinese application had received an installer for the Evasive Panda MgBot backdoor and that the same malicious actions had already taken place as far back as 2020 with several other legitimate applications developed by Chinese companies. “Evasive Panda uses a custom backdoor known as MgBot that has seen little evolution since its discovery in 2014. To the best of our knowledge, the backdoor has not been used by any other group. Therefore, we attribute this activity to Evasive Panda with high confidence,” says ESET researcher Facundo Muñoz, who discovered this latest campaign. “During our investigation, we discovered that when performing automated updates, several legitimate application software components also downloaded MgBot backdoor installers from legitimate URLs and IP addresses,” explains Muñoz.

When ESET researchers analyzed the likelihood of several methods that could explain how the attackers managed to deliver malware through legitimate updates, two scenarios stood out: supply-chain compromises, and adversary-in-the-middle (AitM) attacks.

“Given the targeted nature of the attacks, we speculate that attackers would have needed to compromise the QQ update servers to introduce a mechanism to identify the targeted users in order to deliver the malware, and filtering out non-targeted users and delivering them legitimate updates. This is because we registered cases where legitimate updates were downloaded through the same abused protocols,” says Muñoz. “On the other hand, AitM approaches to interception would be possible if the attackers were able to compromise vulnerable devices such as routers or gateways and the attackers could have gained access to ISP infrastructure.”

MgBot’s modular architecture allows it to extend its functionality by receiving and deploying modules on the compromised machine. The functionalities of the backdoor include recording keystrokes; stealing files, credentials, and content from the Tencent messaging apps QQ and WeChat; and capturing both audio streams and text copied to the clipboard.

Evasive Panda (also known as BRONZE HIGHLAND and Daggerfly) is a Chinese-speaking APT group, active since at least 2012. ESET Research has observed the group conducting cyberespionage against individuals in mainland China, Hong Kong, Macao, and Nigeria. One victim of this campaign was verified to be located in Nigeria and was compromised through the Chinese software Mail Master by NetEase.

For more technical information about the latest Evasive Panda campaign, check out the blogpost “Evasive Panda APT group delivers malware via updates for popular Chinese software” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

Map of China showing where users were targeted

ESET Presents New Research into Corporate Network Vulnerabilities at RSA 2023

BRATISLAVA, SAN DIEGO, CA — April 20, 2023 — ESET, a global leader in digital security, today announced it will present two sessions during RSA 2023, taking place in San Francisco from April 24 to 27. With RSA bringing together the world’s top cybersecurity professionals, vendors, and a growing partner ecosystem, ESET will also host channel and enterprise customer events to encourage dynamic discussions at this year’s conference.

On Monday, April 24, ESET Specialized Security Researcher Cameron Camp and Chief Security Evangelist Tony Anscombe will present “We (Could Have) Cracked Open the Network for Under $100” at 9:40 AM PT – delving into new ESET research that examines corporate routers sold on the secondary market. ESET will share how companies are not following sufficient security protocols and processes for decommissioning hardware, making critical data from past owners accessible and open to abuse. Attendees to this presentation will learn about the impact on an organization, including the possible risk of data breaches that extend to partners and customers, and best practices for device sanitization.  

Anscombe will also present a Birds of a Feather session, “Is Legislation and Regulation a Friend or Foe of Cyber Defenders?” on April 24, 2023, at 10:50 AM PT. With many cybersecurity regulations being proposed or levied, including those from the US Securities and Exchange Commission (SEC) and the Federal Deposit Insurance Corporation (FDIC), the Executive Order on the Nation’s Cybersecurity, and various proposals by governments around the globe, this discussion will explore whether recent legislation and regulation is assisting or hampering cybersecurity teams.

“The theme of this year’s RSA show is ‘Stronger Together,’ and we are pleased to join the cybersecurity community in San Francisco – bringing new research to the stage that helps improve cybersecurity best practices and understanding with organizations in attendance,” said Anscombe. “Collaboration in cybersecurity is critical, and ESET has long been known for its investment and leadership in threat research, which spans an extensive network of researchers around the globe who protect users, businesses, critical infrastructure, and governments from new and persistent threats.”

A single layer of defense is not enough in today’s constantly evolving threat landscape. For 30 years, ESET has invested in multiple layers of proprietary technology that prevent breaches and protect against zero-day attacks. The company’s XDR and MDR services pair with ESET’s endpoint security platform to support one of the most sophisticated cybersecurity arsenals on the market. These solutions can be mixed and matched with advanced threat defense modules, including advanced sandboxing, cloud office security that protects Microsoft Office apps, full disk encryption, multifactor authentication, mail server security, and ESET cybersecurity awareness training to address the human element.

Visit ESET at booth 1167 in Moscone South to demo these advanced cybersecurity solutions and to meet the ESET team. To learn more about ESET’s presentations and presence at the show, visit https://www.eset.com/us/rsac-2023/.

ESET Speakers at RSA 2023

Tony Anscombe is the chief security evangelist for ESET. With over 25 years of security industry experience, Tony is an established author, blogger, and speaker on the current threat landscape, security technologies and products, data protection, privacy and trust, and internet safety. His speaking portfolio includes industry conferences RSAC, Black Hat, VB, CTIA, MEF, Gartner Risk and Security Summit, and the Child Internet Safety Summit. He is regularly quoted in cybersecurity, technology, and business media, including BBC, Dark Reading, the Guardian, the New York Times, and USA Today, with broadcast appearances on Bloomberg, BBC, CTV, KRON, NBC, and CBS. Tony is a board member of NCA and has previously served on the board of MEF and FOSI and held an executive position with AMTSO.

Cameron Camp is a specialized security researcher for ESET, with over 20 years of security experience all the way up the stack, from embedded devices, Internet of Things, and medical devices, to industrial control systems (ICS) for the power grid and the networks and servers that tie them all together. He has spoken on Capitol Hill, at the National Press Club, and numerous times to legislators, as well as being quoted in the Wall Street Journal, USA Today, Associated Press, Reuters, and a host of other top-tier publications. He has been on numerous broadcast news outlets and has spoken at numerous events globally.
