ESET Threat Report T3 2021: Ransomware, Log4j, and Email Threats Surge
The ESET Threat Report T3 2021 covers a turbulent final quarter of 2021, with ransomware activity peaking, new vulnerabilities being exploited at speed, and email threats doubling in volume. Based on telemetry from September to December 2021, the report offers insight into how cybercriminals adapted to global events, cryptocurrency trends, and newly discovered flaws like Log4j.
Ransomware dominated the landscape, with major incidents involving Sodinokibi, Hive, and the debut of new families like AtomSilo and Yanluowang. The biggest ransom demand hit USD 240 million, while the leak of Babuk source code led to the creation of Rook ransomware.
The Log4j vulnerability, though only discovered in December, quickly became the fifth most common external attack vector of the year. Meanwhile, Microsoft Exchange servers remained under siege via ProxyShell exploits, following a wave of ProxyLogon activity earlier in 2021.
The ESET Threat Report T3 2021 also highlighted a 428% year-on-year surge in Android banking malware, and an 897% increase in blocked RDP attack attempts. Cryptocurrency-targeting malware rose alongside the booming value of bitcoin and growing interest in NFTs.
Email threats, led by phishing campaigns, more than doubled in volume, further enabled by Emotet’s return with support from Trickbot. On the research front, ESET uncovered new threats such as FontOnLake and a real-world UEFI bootkit named ESPecter, and shared findings on APT groups including OilRig and the Dukes.
With sophistication rising on all fronts, the report underscores the need for timely patching and continuous vigilance across infrastructure, apps, and user behavior.