In May 2024 [2] [3] [4] [5] [6] [7] [8], ESET researchers identified nine phishing campaigns targeting small and medium-sized businesses (SMBs) in Poland [5] [8], Italy [1] [2] [5] [7] [8], and Romania [1] [2] [5] [7] [8].

Description

These campaigns used ModiLoader to distribute malware such as Agent Tesla, Formbook [1] [2] [3] [4] [5] [6] [7] [8], and Remcos RAT [1] [2] [4] [5] [6] [7] [8]. Attackers compromised email accounts and business servers to send malicious emails [4] [5] [6] [7] [8], host malware [4] [5] [6] [7] [8], and steal data. ESET products protected over 26,000 users [8], primarily in Poland, against these threats [5] [8]. ModiLoader served as the primary delivery mechanism, reflecting a transition by attackers in the region from AceCryptor to ModiLoader.

Cybercriminals are increasingly targeting SMBs in Central and Eastern Europe because of their insufficient cybersecurity defenses. Kaspersky has also reported that SMBs are increasingly targeted because they lack robust cybersecurity measures [4] [7], with Trojan attacks being the most common cyberthreat [4] [6] [7]. These findings highlight the evolving strategies attackers use to avoid detection and the ongoing risk to SMBs in the region.

Conclusion

The increasing targeting of SMBs by cybercriminals underscores the need for stronger cybersecurity measures to protect against evolving threats. Businesses in Central and Eastern Europe must enhance their defenses to mitigate the risk of falling victim to cyberattacks. The transition to ModiLoader as a primary delivery mechanism by attackers signals a shift in tactics, emphasizing the importance of staying vigilant and adapting to emerging threats in the cybersecurity landscape.

References

[1] https://www.krofeksecurity.com/beware-agent-tesla-and-formbook-malware-targeting-polish-businesses/
[2] https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-investigates-phishing-campaigns-employing-infostealers-against-businesses-in-poland-romania-and-italy/
[3] https://www.welivesecurity.com/en/eset-research/phishing-targeting-polish-smbs-continues-modiloader/
[4] https://vulners.com/thn/THN:328A6318F494D076A90637ED648B8102
[5] https://www.emerce.nl/wire/eset-research-infostealer-phishingcampagnes-richten-zich-bedrijven-polen-roemeni-itali
[6] https://indoguardonline.com/2024/07/30/cybercriminals-targeted-polish-businesses-with-agent-tesla-and-formbook-malware/
[7] https://thehackernews.com/2024/07/cybercriminals-target-polish-businesses.html
[8] https://www.dutchitleaders.nl/news/465573/infostealer-phishingcampagnes-gericht-op-polen-roemeni%C3%AB-en-itali%C3%AB