Tools of cyber trade: DDos Emotet phishing & geopolitics

The digital world progresses and seeps into our every aspect, but so do cyberattacks, breaches, ransomware, and malware.

According to Cloudflare DDoS threat report 2022 Q3, one of the largest attacks on the Internet was a 2.5 Tbps DDoS attack by a Mirai botnet variant aimed at a popular Minecraft server, Wynncraft, that didn’t even notice the attack. In fact, there was a 4x increase in network-layer DDoS attacks attributed to the Mirai botnet. This underscores why securing IoT devices is critical.

Read more: Financial services in APJ among the most cyberattacked verticals

Also, gaming/gambling was the most targeted industry, seeing a massive 381% increase in Q3.

In addition, application-layer DDoS attacks double year over year, with a 114% YoY increase in application-layer DDoS attacks targeting customers. Q3 saw ransom DDoS attacks increase for the third quarter in a row. September saw almost one out of every four respondents receiving a ransom DDoS attack or threat.

ESET says the most influential downloader strain, Emotet continued to be active, with detections seen mainly in Japan and Italy. Also, ESET phishing feeds showed a sixfold increase in shipping-themed phishing URLs, with the most commonly impersonated brands being USPS and DHL.

The Bahamut APT Group Targets Android Users

In November, ESET researchers identified an active campaign targeting Android users, conducted by the Bahamut APT group, a campaign that has been ongoing since the start of this year. Malicious spyware apps are distributed through a fake SecureVPN website that provides only trojanized Android apps to download.

HTTP DDoS attacks have increased by 111% compared to Q3 ’21 and have become cheaper and more accessible to launch – which contributes to their continued growth and presence around the globe

According to ESET, this website has no association whatsoever with the legitimate, multiplatform SecureVPN software and service. Malicious apps used in this campaign can exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as WhatsApp, Facebook Messenger, Signal, Viber, and Telegram.

ESET researchers discovered at least eight versions of the Bahamut spyware, which could mean the campaign is well-maintained. The malicious apps were never available for download from Google Play.

Cyber Geopolitics

Cyberattacks are also reflecting geopolitical tensions. Attacks targeting Taiwanese companies increased nearly 20-fold, and attacks on Russian websites surged 24x compared to last year. In the beginning of October, airports around the US were hit by DDoS attacks from a pro-Russian group called Killnet this week.

Cloudflare CTO, John Graham-Cumming, said, “HTTP DDoS attacks have increased by 111% compared to Q3 ’21 and have become cheaper and more accessible to launch – which contributes to their continued growth and presence around the globe.”

Read more: Cyber loot: Conti RaaS reaped US$180 million in 2021 from ransom payments

Although, the ESET Threat Report T2 2022 states a decline in politically motivated ransomware, as operators turned their attention from Russia back to their usual targets like the US, China, and Israel.

It saw a decline in the total number of RDP attack attempts owing to post-COVID return to offices, improved security, and the Russia-Ukraine war.