ESET Threat Report Q3 2020

ESET Threat Report Q3 2020

A view of the Q3 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts



As the world braces for a pandemic-ridden winter, COVID-19 appears to be losing steam at least in the cybercrime arena. With coronavirus-related lures played out, crooks seem to have gone “back to basics” in Q3 2020.  An area where the effects of the pandemic persist, however, is remote work with its many security challenges.


This is especially true for attacks targeting Remote Desktop Protocol (RDP), which grew throughout all H1. In Q3, RDP attack attempts climbed by a further 37% in terms of unique clients targeted – likely a result of the growing number of poorly secured systems connected to the internet during the pandemic, and possibly other criminals taking inspiration from ransomware gangs in targeting RDP.


The ransomware scene, closely tracked by ESET specialists, saw a first this quarter – an attack investigated as a homicide after the death of a patient at a ransomware-struck hospital. Another surprising twist was the revival of cryptominers, which had been declining for seven consecutive quarters. There was a lot more happening in Q3: Emotet returning to the scene, Android banking malware surging, new waves of emails impersonating major delivery and logistics companies…


This quarter’s research findings were equally as rich, with ESET researchers: uncovering more Wi‑Fi chips vulnerable to KrØØk-like bugs, exposing Mac malware bundled with a cryptocurrency trading application, discovering CDRThief targeting Linux VoIP softswitches, and delving into KryptoCibule, a triple threat in regard to cryptocurrencies.


Besides offering recaps of these findings, this report also brings exclusive, previously unpublished ESET research updates, with a special focus on APT group operations – see the News From the Lab and APT Group Activity sections ..