White Papers

While our writers can never say for certain that the issues covered in the following articles will come to pass, we certainly wish for a less turbulent year in the cybersecurity world. We also hope that this report will help readers become more aware of the problems that may occur. We are optimistic that a forward-thinking exercise such as Trends 2018 will enable all those involved with, and concerned about, cybersecurity to contemplate, discuss, and counter current challenges and those to come.

The Stuxnet saga rolls on. And while a lot of talented people have been poring over the code for a while, some questions are still unresolved at this time, despite all the coverage. This report provides an analysis of the notorious Stuxnet worm (Win32/Stuxnet) that attracted the attention of virus researchers recently. It is primarily intended to describe targeted and semi-targeted attacks, and how they are implemented, focusing mainly on the most recent one – Stuxnet. This attack is, however, compared to the Aurora attack, outlining the similarities and differences between the two attacks.

Canadian employees of small and medium-sized businesses (SMBs) are fearful that their business will be unable to handle a cyber-attack. In fact, there is a general lack of confidence among employees when it comes to their organization’s ability to keep the business and its information safe.

Turla is a notorious group that has been targeting governments, government officials and diplomats for years. Although this backdoor has been actively deployed since at least 2016, it has not been documented anywhere. Based on strings found in the samples we analyzed, we have named this backdoor “Gazer”.

The world is changing in front of our eyes. Where facts, truth and honesty were once our most valuable assets, nowadays, alternative-facts, post-truths and outright lies reign. Unfortunately, the cybersecurity industry is no exception to this trend.

In this paper, ESET’s Matthieu Faou and Jean-Ian Boutin look at Read The Manual (RTM), a new group that has emerged on the international cybercrime scene. They cover the details of their tools, whom they target, and offer a rare glimpse into the type of operation they are carrying out.

Among other things, this paper provides a definition of ransomware; uses ESET’s detection telemetry to show the current trends for this cyberthreat; and details the most noteworthy Android ransomware examples since 2014.

“Our analysis of the current state and evolution of technology reveals one aspect that stands out,” notes ESET Research Laboratories in its annual trends paper. “More and more devices and technologies mean greater challenges when it comes to maintaining information security, regardless of the area of implementation.”

Operation Groundbait (Russian: Прикормка, Prikormka) is an ongoing cyber-surveillance operation targeting individuals in Ukraine. The group behind this operation has been launching targeted and possibly politically-motivated attacks to spy on individuals.

This paper presents ESET’s findings about Operation Groundbait based on our research into the Prikormka malware family.

Over the last four decades, the privacy of personal data has been the subject of legislation and litigation in both the US and the EU. Protection of personal data privacy under the law has been shaped by the interests of multiple constituencies: individuals, commercial organizations, government agencies, law enforcement, and national security services.

Ransomware is a growing problem for users of mobile devices. Lock-screen types and file-encrypting “crypto-ransomware”, both of which have been causing major financial and data losses for many years, have made their way to the Android platform. This report discusses further.