Spain in the Top 10 worldwide for ransomware detections :: TECNONEWS

ESET has published its latest Threat Report, which details the cyber threats and trends observed by the company from December 2023 to May 2024, based on its telemetry and the experience of its experts. The results, presented by Josep Albors, director of research and communication at ESET Spain, during a webinar held on May 27, highlight that Spain ranks third in threat detections with 6%, near Japan and Poland.

“In Spain, phishing cases are the most common cyberthreats detected during the last six months. These attacks, which seek to steal online service credentials, coincide significantly with global detections, highlighting the persistence and effectiveness of this fraudulent tactic against both individual users and companies,” Albors points out. “However, there is a sharp decline in activity during holiday periods such as Christmas and Easter, which indicates a seasonality in cyberattacks.”

Infostealers begin to exploit AI and video games

Since 2023, ESET Research has observed an increase in the use of artificial intelligence as a theme by cybercriminals, a trend that is expected to continue. In the first half of 2024, ESET discovered the Rilide Stealer using names of generative AI assistants, such as OpenAI’s Sora and Google’s Gemini, to lure potential victims. In another malicious campaign, the Vidar infostealer hid behind a supposed Windows desktop app of the Midjourney AI image generator, despite the fact that Midjourney’s AI model is only accessible via Discord.

ESET researchers have also discovered infostealers in hacked video games and in cheat tools for online multiplayer games, with malware such as Lumma Stealer and RedLine Stealer. The latter showed several detection spikes driven by campaigns in Spain, Japan and Germany. The second most pronounced was on April 24, when 87% of the detections were in our country. The recent waves of this malware have been so significant that detections in this half of the year have exceeded those of the second half of 2023 by a third. “In the case of Spain, infostealers are still very prevalent, being used to steal credentials stored in programs such as internet browsers, email clients, FTP clients and VPN accesses,” comments the director of research and awareness at ESET Spain.

LockBit, cyberattacks on websites and the Ebury botnet

In terms of ransomware, the former leader LockBit was knocked off its pedestal by Operation Cronos, a global action coordinated by law enforcement in February 2024. This operation, led by the UK’s National Cybercrime Agency together with Europol and Eurojust, resulted in the arrest of affiliates in Poland and Ukraine, as well as the issuance of multiple international arrest warrants. Despite this significant hit, ESET telemetry has recorded two notable ransomware campaigns in the first half of 2024 using LockBit’s leaked code generator. These campaigns were not carried out by official LockBit affiliates, but by outside gangs who took advantage of the code leak to launch their own offensives.

“In Spain, ransomware remains a serious threat, placing the country in eighth place in the global detection rankings. This type of attack mainly affects small and medium-sized businesses, causing significant financial losses. However, in recent months we have seen some cyberattacks on large companies and we have detected very marked peaks, highlighting specific attacks carried out by ransomware families that occupy the Top 3 of our detection ranking and that represent 50% of the total detections,” explains Albors. “Despite international police operations that have dismantled groups such as LockBit, ransomware campaigns continue to affect the Spanish business sector, highlighting the need to strengthen cybersecurity measures.”

The ESET report also highlights that Balada Injector, a group known for exploiting vulnerabilities in WordPress plugins, continued its activity in the first half of 2024, compromising over 20,000 websites and recording over 400,000 visits for the variants used in a recent campaign. Additionally, during the presentation of the report, the company presented in depth its latest research on one of the most advanced server-side malware campaigns, which continues to grow: the Ebury group, with its malware and botnet. Over the years, Ebury has been deployed as a backdoor to compromise almost 400,000 Linux, FreeBSD and OpenBSD servers; more than 100,000 remained compromised as of the end of 2023.
