Tools of cyber trade: DDoS, Emotet, phishing & geopolitics

The digital world keeps advancing and seeping into every aspect of our lives, but so do cyberattacks, breaches, ransomware, and malware.

According to the Cloudflare DDoS threat report for 2022 Q3, one of the largest attacks on the Internet was a 2.5 Tbps DDoS attack by a Mirai botnet variant aimed at a popular Minecraft server, Wynncraft, that didn’t even notice the attack. In fact, there was a 4x increase in network-layer DDoS attacks attributed to the Mirai botnet. This underscores why securing IoT devices is critical.

Also, gaming/gambling was the most targeted industry, seeing a massive 381% increase in Q3.

In addition, application-layer DDoS attacks doubled year over year, with a 114% YoY increase in application-layer DDoS attacks targeting customers. Q3 saw ransom DDoS attacks increase for the third quarter in a row. September saw almost one out of every four respondents receiving a ransom DDoS attack or threat.

ESET says the most influential downloader strain, Emotet, continued to be active, with detections seen mainly in Japan and Italy. Also, ESET phishing feeds showed a sixfold increase in shipping-themed phishing URLs, with the most commonly impersonated brands being USPS and DHL.

The Bahamut APT Group Targets Android Users

In November, ESET researchers identified an active campaign by the Bahamut APT group targeting Android users; the campaign has been ongoing since the start of this year. Malicious spyware apps are distributed through a fake SecureVPN website that provides only trojanized Android apps to download.

According to ESET, this website has no association whatsoever with the legitimate, multiplatform SecureVPN software and service. Malicious apps used in this campaign can exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as WhatsApp, Facebook Messenger, Signal, Viber, and Telegram.

ESET researchers discovered at least eight versions of the Bahamut spyware, which could mean the campaign is well-maintained. The malicious apps were never available for download from Google Play.

Cyber Geopolitics

Cyberattacks are also reflecting geopolitical tensions. Attacks targeting Taiwanese companies increased nearly 20-fold, and attacks on Russian websites surged 24x compared to last year. At the beginning of October, airports around the US were hit by DDoS attacks from a pro-Russian group called Killnet.

Cloudflare CTO, John Graham-Cumming, said, “HTTP DDoS attacks have increased by 111% compared to Q3 ’21 and have become cheaper and more accessible to launch – which contributes to their continued growth and presence around the globe.”

However, the ESET Threat Report T2 2022 notes a decline in politically motivated ransomware, as operators turned their attention from Russia back to their usual targets like the US, China, and Israel.

The report also saw a decline in the total number of RDP attack attempts, owing to the post-COVID return to offices, improved security, and the Russia-Ukraine war.

Navanwita Bora Sachdev

Navanwita is the editor of The Tech Panda and also frequently publishes stories in news outlets such as The Indian Express, Entrepreneur India, and The Business Standard.
