ESET Threat Report Q2 2020

Welcome to the Q2 2020 issue of the ESET Threat Report!

With half a year passed from the outbreak of COVID-19, the world is now trying to come to terms with the new normal. But even with the initial panic settled, and many countries easing up on their lockdown restrictions, cyberattacks exploiting the pandemic showed no sign of slowing down in Q2 2020.

Our specialists saw a continued influx of COVID-19 lures in web and email attacks, with fraudsters trying to make the most out of the crisis. ESET telemetry also showed a spike in phishing emails targeting online shoppers by impersonating one of the world’s leading package delivery services — a tenfold increase compared to Q1. The rise in attacks targeting Remote Desktop Protocol (RDP) — the security of which still often remains neglected — continued in Q2, with persistent attempts to establish RDP connections more than doubling since the beginning of the year.

One of the most rapidly developing areas in Q2 was the ransomware scene, with some operators abandoning the — still quite new — trend of doxing and random data leaking, and moving to auctioning the stolen data on dedicated underground sites, and even forming “cartels” to attract more buyers.

Ransomware also made an appearance on the Android platform, targeting Canada under the guise of a COVID-19 tracing app. ESET researchers quickly put a halt to this campaign and provided a decryptor for victims. Among many other findings, our researchers: uncovered Operation In(ter)ception, which targeted high-profile aerospace and military companies; revealed the modus operandi of the elusive InvisiMole group; and dissected Ramsay, a cyberespionage toolkit targeting air‑gapped networks.

Besides offering recaps of these findings, this report also brings exclusive, previously unpublished ESET research updates, with a special focus on APT group operations — see the News From the Lab and APT Group Activity sections!

Throughout the first half of 2020, ESET has also actively contributed to the MITRE ATT&CK knowledge base in its newly released, revamped version with sub-techniques. The latest ATT&CK update includes four new ESET contributions.

And finally, after a break, this quarter has seen new conference plans take shape — although with packed venues replaced by virtual streams — and we are excited to invite you to ESET’s talks and workshops at BlackHat USA, BlackHat Asia, VB2020 and others.

Happy reading, stay safe — and stay healthy!

Roman Kovác, Chief Research Officer