ESET Threat Report Q2 2020

A view of the Q2 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts



With half a year having passed since the outbreak of COVID-19, the world is now trying to come to terms with the new normal. But even with the initial panic settled, and many countries easing their lockdown restrictions, cyberattacks exploiting the pandemic showed no sign of slowing down in Q2 2020.


Our specialists saw a continued influx of COVID-19 lures in web and email attacks, with fraudsters trying to make the most out of the crisis. ESET telemetry also showed a spike in phishing emails impersonating one of the world’s leading package delivery services – a tenfold increase compared to Q1 – and targeting online shoppers. The rise in attacks targeting Remote Desktop Protocol (RDP) – the security of which still often remains neglected – continued in Q2, with persistent attempts to establish RDP connections more than doubling since the beginning of the year. 


One of the most rapidly developing areas in Q2 was the ransomware scene, with some operators abandoning the – still quite new – trend of doxing and random data leaking, and moving to auctioning the stolen data on dedicated underground sites, and even forming “cartels” to attract more buyers. 


Ransomware also made an appearance on the Android platform, targeting Canada under the guise of a COVID-19 tracing app. ESET researchers quickly put a halt to this campaign and provided a decryptor for victims. Among many other findings, our researchers uncovered Operation In(ter)ception, which targeted high-profile aerospace and military companies; revealed the modus operandi of the elusive InvisiMole group; and dissected Ramsay, a cyberespionage toolkit targeting air‑gapped networks. 


Besides offering recaps of these findings, this report also brings exclusive, prev ..