ESET released its T2 2022 Threat Report (covering May to August 2022) sheds light on the changes in ideologically motivated ransomware, Emotet activity, the most-used phishing lures, how the plummeting cryptocurrency exchange rates affected online threats, and the continuation of the sharp decline of Remote Desktop Protocol (RDP) attacks. ESET analysts think these attacks continued to lose their steam due to the Russia-Ukraine war, along with the post-COVID return to offices and overall improved security of corporate environments.
Even with declining numbers, Russian IP addresses continued to be responsible for the largest portion of RDP attacks. “In T1 2022, Russia was also the country that was most targeted by ransomware, with some of the attacks being politically or ideologically motivated by the war. However, ESET Threat Report T2 2022 shows that this hacktivism wave has declined in T2, and ransomware operators turned their attention towards the United States, China, and Israel,” explains Roman Kováč, Chief Research Officer at ESET.
According to ESET telemetry, August was a vacation month for the operators of Emotet, the most influential downloader strain. The gang behind it also adapted to Microsoft’s decision to disable VBA macros in documents originating from the internet and focused on campaigns based on weaponized Microsoft Office files and LNK files.
The report also examines threats mostly impacting home users. ESET phishing feeds showed a sixfold increase in shipping-themed phishing lures, most of the time presenting the victims with fake DHL and USPS requests to verify shipping addresses. “In terms of threats