ESET Threat Report Q1 2020

Foreword

Welcome to the first quarterly ESET Threat Report!

The first quarter of 2020 was, without a doubt, defined by the outbreak of COVID-19 — now a pandemic that has put much of the world under lockdown, disrupting peoples’ lives in unprecedented ways.

In the face of these developments, many businesses were forced to swiftly adopt work-from- home policies, thereby facing numerous new challenges. Soaring demand for remote access and videoconferencing applications attracted cybercriminals who quickly adjusted their attack strategies to profit from the shift.

Cybercriminals also haven’t hesitated to exploit public concerns surrounding the pandemic. In March 2020, we saw a surge in scam and malware campaigns using the coronavirus pandemic as a lure, trying to capitalize on people’s fears and hunger for information.

Even under lockdown, our analysts, detection engineers and security specialists continued to keep a close eye on this quarter’s developments. Some threat types — such as cryptominers or Android malware — saw a decrease in detections compared with the previous quarter; others — such as web threats and stalkerware — were on the rise. Web threats in particular have seen the largest increase in terms of overall numbers of detections, a possible side effect of coronavirus lockdowns.

ESET Research Labs also did not stop investigating threats — Q1 2020 saw them dissect obfuscation techniques in Stantinko’s new cryptomining module; detail the workings of advanced Brazil-targeting banking trojan Guildma; uncover new campaigns by the infamous Winnti Group and Turla; and uncover KrØØk, a previously unknown vulnerability affecting the encryption of over a billion Wi‑Fi devices.

Before lockdowns became the new normal, experts from ESET Research Labs were sharing their insights at security conferences and events around the world. In February, they unveiled the KrØØk vulnerability research and led a workshop for hunting Linux malware at RSA Conference 2020, and presented two talks at BlueHat IL.

While seeing our researchers on stage might not be possible for a while, you can still follow their findings on our blog, WeLiveSecurity, and the ESETresearch Twitter feed. And, don’t forget, in these Threat Reports!

Happy reading, stay safe — and healthy!

Roman Kovác, Chief Research Officer, ESET