The latest threat report from cybersecurity solutions company ESET found that malware (malicious software) Industroyer has been revived and is being used to target high-voltage electrical substations in connection with the ongoing war in Ukraine.
ESET telemetry recorded other changes in the cyberthreat realm that might have a connection to the situation in Ukraine. Shortly before the Russian invasion, ESET telemetry recorded a sharp drop in Remote Desktop Protocol (RDP) attacks.
“The decline in these attacks comes after two years of constant growth — and as explained in the Exploits section of the latest ESET Threat Report, this turn of events might be related to the war in Ukraine,” ESET said in a media release. “But even with this fall, almost 60% of incoming RDP attacks seen in T1 2022 originated in Russia.”
The company also noted that in the past, ransomware threats used to avoid targets located in Russia but this changed, as the country has become the most targeted in recent months. ESET researchers even detected lock-screen variants using the Ukrainian national salute “Slava Ukraini! (Glory to Ukraine!)”. Since the Russian invasion of Ukraine, there has been an increase in the number of amateurish ransomware and wipers. Their authors often pledge support for one of the fighting sides and position the attacks as personal vendettas.
The ESET report further states that the war has also been noticeably exploited by spam and phishing threats. Immediately after the invasion on February, scammers started to take advantage of people trying to support Ukraine, using fictitious charities and fundraisers as lures. On that day, ESET telemetry detected a large spike in spam detections.
“We can confirm that Emotet — the infamous malware, spread primarily through spam email — is back after last year’s takedown attempts, and has shot back up in our telemetry,” said Roman Kováč, chief research officer at ESET. “Emotet operators spewed spam campaign after spam campaign in T1, with Emotet detections growing by more than a hundredfold. However, as the Threat Report notes, the campaigns relying on malicious macros might well have been the last, given Microsoft’s recent move to disable macros from the internet by default in Office programs. Following the change, Emotet operators started testing other compromise vectors on much smaller samples of victims.”
The ESET T1 2022 Threat Report also reviews the most important research findings, with ESET Research uncovering: the abuse of kernel driver vulnerabilities; high‑impact UEFI vulnerabilities; cryptocurrency malware targeting Android and iOS devices; a yet-unattributed campaign deploying the DazzleSpy macOS malware; and the campaigns of Mustang Panda, Donot Team, Winnti Group, and the TA410 APT group.