ESET Issues Its Q4 2020 Threat Report Recording A Massive Increase In RDP Attack Attempts Since Q1


ESET has released its Q4 2020 Threat Report, summarizing key statistics from ESET detection systems and highlighting notable examples of ESET’s cybersecurity research – including previously unpublished ESET research updates. As the final threat report of the year 2020, it also comes with commentary on the broader trends observed throughout the year as well as predictions for 2021 by ESET malware research and detection specialists.

The COVID-19 pandemic continued to influence the cybercrime landscape. Most notably, the new attack surface created by the shift to work from home brought further growth of Remote Desktop Protocol (RDP) attacks, albeit at a slower rate compared to previous quarters. Between Q1 and Q4 2020, ESET telemetry recorded a staggering 768% increase in RDP attack attempts. “RDP security is not to be underestimated especially due to ransomware, which is commonly deployed through RDP exploits, and, with its increasingly aggressive tactics, poses a great risk to both private and public sectors. As the security of remote work gradually improves, the boom in attacks exploiting RDP is expected to slow down – we already saw some signs of this in Q4,” explains Roman Kováč, Chief Research Officer at ESET.

Another trend observed in Q4 was an increase in COVID-19-themed email threats, especially related to the end-of-year vaccine rollouts. Vaccinations offered cybercriminals an opportunity to extend their portfolios of lures used, a trend that is expected to continue in 2021.

The featured story of the report recounts the events of October 2020, when ESET took part in a global disruption campaign targeting TrickBot, one of the largest and longest-lived botnets. These coordinated efforts resulted in 94% of TrickBot’s servers taken down in a single week. “There was a sharp decline in TrickBot’s activities following the disruption operation late last year. We are continuously monitoring the TrickBot botnet, and the level of activity remains very low to this day,” comments Jean-Ian Boutin, Head of Threat Research at ESET.

The ESET Q4 2020 Threat Report also reviews the most important findings and achievements by ESET researchers: a previously unknown APT group targeting the Balkans and Eastern Europe, named XDSpy, and a remarkable number of supply-chain attacks, such as a Lazarus attack in South Korea, a Mongolian supply-chain attack named Operation StealthyTrident, and the Operation SignSight supply‑chain attack against a certification authority in Vietnam.

The exclusive research presented in the Q4 2020 Threat Report delivers updates on investigations around Lazarus’s Operation In(ter)ception, the PipeMon backdoor used by the Winnti group, and changes to the tools employed by the InvisiMole group.

The report also contains an overview of the numerous talks given by ESET research specialists in Q4, introduces talks planned for the RSA conference in May 2021 and provides an overview of ESET’s contributions to the MITRE ATT&CK knowledge base.