
ESET to enhance its MDR offering portfolio: Also bringing additional updates to its existing business offering

ESET enhances its ESET MDR offering portfolio with the introduction of two new subscription tiers, ESET PROTECT MDR and ESET PROTECT MDR Ultimate.
Both subscription tiers of the newly updated ESET business offering are built on top of ESET PROTECT Elite, representing a comprehensive security package.
Additionally, ESET Mobile Threat Defense will be added as a stand-alone module to extend cybersecurity protection to business mobile devices, increasing attack vector coverage to an organization’s entire mobile fleet.
Some further updates for ESET Server Security and ESET LiveGuard Advanced round out the new business offering.

BRATISLAVA, Slovakia — April 29, 2024 — ESET, a global leader in cybersecurity solutions, is proud to announce today the launch of two new Managed Detection and Response (MDR) subscription tiers: ESET PROTECT MDR for small and medium businesses (SMBs) and ESET PROTECT MDR Ultimate for enterprises. These tiers are built on the foundation of the ESET PROTECT Elite subscription tier, offering businesses of all sizes the most comprehensive, AI-powered threat detection and response capabilities, in combination with expert human analysis and comprehensive threat intelligence.

ESET’s updated MDR business offering is designed to cater to the specific needs of both SMBs and enterprises. To that end, ESET PROTECT MDR delivers a comprehensive cybersecurity package, offering 24/7/365 superior protection that addresses the most common challenges of small and medium-sized businesses. This includes modern protection for endpoints, email, and cloud applications; vulnerability detection and patching; and managed threat monitoring, hunting, and response. It addresses the cybersecurity talent shortage and supports compliance with cyber insurance requirements and regulations, offering a remarkable 20-minute average time to detect and respond, a dedicated MDR dashboard, and regular reporting for complete peace of mind.

For enterprises, ESET PROTECT MDR Ultimate offers continuous proactive protection and enhanced visibility, coupled with customized threat hunting and remote digital forensic incident response assistance. This comprehensive service is designed to support overstretched SOC teams, providing them with 24/7 access to world-class cybersecurity expertise. It ensures enterprises stay one step ahead of all known and emerging threats, effectively closing the cybersecurity skills gap, and facilitating expert consultations for incident management and containment in a fully managed experience.

ESET also sets itself apart with its own telemetry and unique global coverage, leveraging its detections and ESET Research to gather unique data about attacks, a competitive edge not offered by many players in the market.

“With the update of our business offering, we want to make ESET products accessible to customers without the necessary skill set or resources to operate them, but to also empower organizations to navigate the digital landscape confidently, safeguarded by our expertise and continuous, comprehensive coverage,” stated Michal Jankech, Vice President of SMB and MSP segment at ESET.

Additional updates to the ESET business portfolio

Additionally, all ESET PROTECT subscription tiers starting from ESET PROTECT Advanced are enhanced with the new stand-alone module ESET Mobile Threat Defense (EMTD). It extends attack vector coverage to an organization’s entire mobile fleet, seamlessly integrating into the ESET PROTECT Platform for efficient management, ensuring comprehensive protection for mobile devices. EMTD also includes a Mobile Device Management (MDM) functionality, with added support for Microsoft Entra ID.

Moreover, ESET Server Security introduces a firewall specifically designed for Windows servers, as well as Vulnerability & Patch Management, offering manual patch management and a 60-second delay before an application process is killed.

Finally, ESET LiveGuard Advanced now also offers advanced behavioral reports for our detection and response customers, providing an in-depth look into how our cloud sandboxing technology analyzes suspicious files, offering better visibility and context for security operators like cybersecurity and threat analysts, security engineers, or threat responders.

“This significant launch underscores ESET’s unwavering dedication to delivering superior protection and services, effectively responding to the dynamic challenges faced by customers to stay one step ahead of threats,” added Michal Jankech, Vice President of SMB and MSP segment at ESET.

For more detailed information about ESET and its updated portfolio, please visit the dedicated offering pages for SMBs and Enterprises.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Prevention-first security begins with data-enhanced insight: Meet ESET Threat Intelligence

Supporting threat hunters and incident response teams with hands-on data is crucial, as it not only safeguards organizations but provides the basis for a proactive prevention-first security strategy.

In recent years, a significant number of cyberattacks have been ransomware related and, despite fluctuations in frequency and intensity, they remain one of the most prevalent and feared security threats. 

Ransomware attacks are highly orchestrated, but what makes them particularly insidious is that they are not merely automated programs running rampant through systems without direction but are often controlled minute-by-minute by human attackers. Once attackers utilize various Trojans to deploy the necessary tools, they meticulously navigate dozens of steps in search of valuable information within the compromised network. From there the options left open to defenders narrow, then increasingly become measures focused on mitigation — or worse, remediation.

The selection of “measures” is very much based on a keen understanding of the threats faced and any associated peculiarities, whether they be unique processes around privilege escalation or credential access techniques that enable cybercriminals to retrieve sensitive information until they can exfiltrate what they deem valuable. Every day, ESET Threat Intelligence (ETI) processes hundreds of millions of indicators of compromise (IOCs), akin to a database of clues left by cyber-intruders while they crawl through a victim’s network.

Preventing these chains of attacks is crucial since they can have long-lasting consequences, going beyond mere financial loss or data breach. They can provide leverage for future attacks and can sap the capacity and impact of defenders’ work across an organization’s entire threat surface. Working to avoid the narrowing of options means taking a prevention-first approach, putting in place preventive measures that stop ransomware payloads from reaching the endpoints. This process starts with insight and intelligence.

Putting threat intelligence to work

Researchers, SOC teams, threat hunters, and even curious prevention-minded admins can benefit from the types of threat intelligence that inform everything from replicated attack scenarios that aid red and blue team network defenders to security strategies, prevention measures, and detection and response incident triage.

ESET Threat Intelligence comes to users in highly accurate, curated, and actionable formats that amount to an up-to-date technical manual that enables customers to logically pursue a prevention-first approach to security. Specifically, both (wider) industry and ESET Threat Intelligence data are compiled and ready to be paired with observations made via other tools, including XDR, SIEM, and/or SOAR, to prevent damages from (for example) ransomware and any subsequent extortion from taking place.

Employing the data and intel gathered in ETI for the inspection and/or monitoring of security incidents is just one way to create better-informed operators. In this use case, operators, increasingly supported by automation, can more consciously interact with incidents from an XDR’s triage system, for example, executables, malicious processes, computers, and threat indicators. From there, various forms of mitigation can be conducted in an informed, systematic, and prioritized manner. Specifically, an ESET user might employ ETI to cross-reference relevant data to better understand the actions necessary to perform in ESET INSPECT* (the XDR-enabling module of the ESET PROTECT platform).

The ransomware case here puts into focus why ESET Threat Intelligence, with its APT reports, unique data feeds, dashboard, and portal, has grown in popularity.

*ESET Threat Intelligence and ESET INSPECT (detection & response module) are not currently integrated via the ESET PROTECT platform.

Threat Intelligence – the tricks & trade of ransomware

In late 2023, ESET observed the SmokeLoader malware family, a generic backdoor with a range of capabilities that depend on the modules included in any given build of the malware, being utilized as one of the multiple variants packed by AceCryptor, a crypto service used worldwide by cybercriminals to obfuscate malware. SmokeLoader is deployed to download and execute the final payload of an attack discreetly, to evade security measures, making it crucial to rely on robust cyber defense mechanisms.

Defenders can specifically utilize ETI’s backend tracking systems to support an improved understanding of threats and apply their learnings to both prevention and proactive defense processes. ETI assembles all the clues needed to deploy prevention mechanisms and, when necessary, effectively mitigate against malware like SmokeLoader. Importantly, ETI’s benefits are vendor agnostic, so businesses already running alternate SIEM/SOAR products, including Microsoft Azure Sentinel, OpenCTI, IBM QRadar, Anomali and ThreatQuotient (outside of the ESET PROTECT ecosystem) can also gain from ETI’s unique data stream via our API.

This means that a wider spectrum of curious, prevention-minded admins can now turn to the main ESET research findings and other relevant data. These are published in regular reports on the ETI platform and portal and are accessible in specific territories, with ESET continuously working to expand their availability.

Delivering data to stop an attack before it happens

As with the SmokeLoader data, ETI clusters data on a wide spectrum of malware, finds similarities or particularities, highlights what stands out, and monitors attack chains and any changes in TTPs. This automation occurs in real time, continuously updating all feeds to provide end customers with the most important and immediately actionable intel on threats targeting them. These outputs are also synthesized into specific APT reports, which ensures customers receive pertinent information without being overwhelmed by excessive data.

ESET Threat Intelligence provides its data feeds to customers through the TAXII server, integrating it directly into their current systems, for example, Microsoft Sentinel or the OpenCTI Threat Intelligence Platform. The feeds cover various aspects of cybersecurity, including tracking malicious files, botnets, and APTs; identifying potentially harmful domains or URLs and IPs considered malicious; and tracking the associated data. To ensure compatibility and easy integration, the feeds are provided in widely used formats, such as JSON and STIX 2.1.
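As an added example (not ESET or ETI code, and not the content of ESET's actual feeds), the following script shows how a defender might consume a STIX 2.1 indicator bundle of the kind a TAXII server delivers and cross-reference its indicators against endpoint telemetry, which is the pairing with XDR/SIEM triage described here and in the earlier use-case paragraph. The bundle, the indicator values (documentation-reserved IP ranges, a `.invalid` domain and a dummy hash), the key=value log format and the log lines are all constructed; the consumer deliberately skips revoked, expired, not-yet-valid and compound-pattern indicators, since feeding stale or withdrawn IoCs into detection is a common source of false positives.

```python
"""Consume a STIX 2.1 indicator bundle (as a TAXII server would deliver it) and
match its IoCs against endpoint log lines.

Added example, not ESET or ETI code. The bundle, indicator values and log
lines are constructed; the key=value log format is an assumption."""
import json
import re
from datetime import datetime

# Constructed sample hash: 61 zeros followed by "abc" (64 hex characters).
SAMPLE_SHA256 = "0" * 61 + "abc"


def _indicator(suffix, name, pattern, **extra):
    """Build a minimal STIX 2.1 Indicator object with a constructed id."""
    obj = {
        "type": "indicator", "spec_version": "2.1",
        "id": f"indicator--aaaaaaaa-0000-4000-8000-00000000000{suffix}",
        "created": "2024-04-01T00:00:00.000Z", "modified": "2024-04-01T00:00:00.000Z",
        "name": name, "pattern_type": "stix",
        "valid_from": "2024-04-01T00:00:00Z", "pattern": pattern,
    }
    obj.update(extra)  # e.g. valid_until / revoked overrides
    return obj


# Constructed bundle, shaped like a TAXII "objects" response.
BUNDLE_JSON = json.dumps({
    "type": "bundle", "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [
        _indicator(1, "Loader C2 domain", "[domain-name:value = 'update-cdn.invalid']"),
        _indicator(2, "Dropper SHA-256", f"[file:hashes.'SHA-256' = '{SAMPLE_SHA256}']"),
        _indicator(3, "Old C2 IP (expired)", "[ipv4-addr:value = '203.0.113.7']",
                   valid_from="2024-01-01T00:00:00Z", valid_until="2024-02-01T00:00:00Z"),
        _indicator(4, "Withdrawn false positive", "[ipv4-addr:value = '198.51.100.9']",
                   revoked=True),
        _indicator(5, "Compound pattern (not handled here)",
                   "[domain-name:value = 'a.invalid' AND ipv4-addr:value = '192.0.2.1']"),
    ],
})

# Only single-comparison patterns are understood by this consumer.
SINGLE_COMPARISON = re.compile(
    r"^\[\s*(?P<path>[\w-]+:[\w.'-]+)\s*=\s*'(?P<value>[^']*)'\s*\]$")
PATH_TO_KIND = {
    "domain-name:value": "domain", "ipv4-addr:value": "ip", "ipv6-addr:value": "ip",
    "url:value": "url", "file:hashes.'SHA-256'": "sha256", "file:hashes.'MD5'": "md5",
}


def parse_ts(value):
    """STIX timestamps are RFC 3339 with a trailing Z; make them aware datetimes."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def load_indicators(bundle_json, now):
    """Return ({kind: {value: indicator_id}}, [(id, skip_reason), ...]) keeping only
    indicators that are current at `now` and use a pattern we can index."""
    index, skipped = {}, []
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        if obj.get("revoked"):
            skipped.append((obj["id"], "revoked")); continue
        if parse_ts(obj["valid_from"]) > now:
            skipped.append((obj["id"], "not yet valid")); continue
        until = obj.get("valid_until")
        if until and parse_ts(until) <= now:
            skipped.append((obj["id"], "expired")); continue
        m = SINGLE_COMPARISON.match(obj["pattern"])
        if not m or m.group("path") not in PATH_TO_KIND:
            skipped.append((obj["id"], "unsupported pattern")); continue
        index.setdefault(PATH_TO_KIND[m.group("path")], {})[m.group("value").lower()] = obj["id"]
    return index, skipped


# Constructed endpoint telemetry in an assumed key=value format.
LOG_LINES = [
    "2024-04-10T08:01:02Z host=ws-017 event=dns qname=UPDATE-CDN.invalid",
    "2024-04-10T08:01:05Z host=ws-017 event=connect dst=203.0.113.7 dport=443",
    f"2024-04-10T08:02:30Z host=ws-017 event=file_create sha256={SAMPLE_SHA256}",
    "2024-04-10T08:03:00Z host=ws-022 event=connect dst=198.51.100.9 dport=80",
    "2024-04-10T08:04:00Z host=ws-022 event=dns qname=intranet.example.com",
]
FIELD_KIND = {"qname": "domain", "dst": "ip", "sha256": "sha256", "url": "url"}


def match_logs(lines, index):
    """Case-insensitively look up each indicator-bearing log field in the index."""
    hits = []
    for line in lines:
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        for field, kind in FIELD_KIND.items():
            value = fields.get(field)
            ind_id = index.get(kind, {}).get(value.lower()) if value else None
            if ind_id:
                hits.append({"host": fields.get("host"), "field": field,
                             "value": value, "indicator": ind_id, "line": line})
    return hits


def run_demo(now_iso="2024-04-10T00:00:00Z"):
    """Load the bundle as of `now_iso` and return (hits, skipped)."""
    index, skipped = load_indicators(BUNDLE_JSON, parse_ts(now_iso))
    return match_logs(LOG_LINES, index), skipped


if __name__ == "__main__":
    hits, skipped = run_demo()
    for h in hits:
        print("HIT", h["host"], h["field"], h["value"], "->", h["indicator"])
    for ind_id, reason in skipped:
        print("SKIPPED", ind_id, reason)
```

Run as of 10 April 2024 the script reports two hits (the domain lookup, matched despite its upper-case spelling, and the file hash) and skips the expired IP, the revoked IP and the compound pattern; pass an earlier `now_iso` to `run_demo` and the January-only IP indicator becomes the one that matches instead. Pattern parsing here covers only the single-comparison form; a production consumer would hand compound patterns to a full STIX pattern evaluator rather than silently dropping them.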

Fighting malicious activity

Preventing multifaceted threats from impacting your network, business continuity, and/or reputation requires a comprehensive and always up-to-date knowledge base. Thus, moving beyond the technical defenses against ransomware and other malware, security operators at organizations must adopt a knowledge-based security culture that puts learning on level with action.

The cornerstones of security are particularly essential at public and private institutions that depend on well-developed SOC teams, threat hunters, and security operators that have both technical skills and access to the ever-growing body of work on threat actors, system configuration, and an understanding of what is and isn’t working.

These cornerstones are where ESET Research employs its long history of collaboration with law enforcement agencies, the Joint Cyber Defense Collaborative, and even its work with “No More Ransom” to communicate our views on ransomware, fight threats at large, and inform how and why we’ve built our threat intelligence platform, ETI.

Explore your use case for ETI via ESET API, ESET APT reports, the ETI data feed, or a comprehensive toolset for an ESET-powered prevention-first approach.


Should the cybersecurity world prepare for AI-based critical infrastructure attacks?

Imagining a future in which anyone could be attacked by an intelligence beyond human means is rather scary. Perhaps that’s why AI is better imagined as another tool to support people’s work. Even so, the combined capability of a human actor equipped with such a tool is also of concern, especially if that actor does not have their community’s best interests in mind.

As AI becomes increasingly important, people, just like companies, race to figure out how it could be used to serve their own purposes and support their endeavors. Specifically in the field of cybersecurity, AI can serve both a constructive and a destructive role, the former meaning the support of better cyber defense, and the latter the attempt to cripple said cyber defenses.

Of specific concern is the potential for cyberattacks on critical infrastructure to become more widespread. Critical infrastructure, usually considered to include power generation and electrical grid, hospitals and healthcare systems, and the global supply chain, could also include digital supply chains and the internet itself. Depending on the specific needs, resources, and development level of a nation, critical infrastructure represents all the systems, networks, and assets that are essential, with their continued operation required to ensure the security of a given state, its economy, and the public’s health or safety. As the idea behind the attacks is to weaken adversaries by crippling their day-to-day business, an effective AI tool could, hypothetically, help bad actors commit attacks, or even increase the pool of potential attackers, by making malware coding easier. However, not everyone shares the same opinion.

The role of AI – can hacking become easier?

According to an interview with ESET security researcher Cameron Camp, we are not really close to “full AI-generated malware,” though ChatGPT is quite good at code suggestion, he says, generating code examples and snippets, debugging, and optimizing code, and even automating documentation.

He agreed that ChatGPT could be used as a handy tool to assist programmers, one that could serve as a first step toward building malware, but not yet, as it is currently rather shallow, makes errors, creates bogus answers and is not very reliable for anything serious.

Nonetheless, Mr. Camp highlighted three areas that might be interesting from the perspective of language models:

More convincing phishing – By probing more data sources and combining them seamlessly to create specifically crafted emails in which the clues to malicious intent are very difficult to detect, readers will be hard-pressed not to fall for social engineering. Nor will people be able to spot phishing attempts simply by sloppy language mistakes, as the messages could have convincing grammar.

More specifically, spear-phishing could become even more convincing, as tailor-made emails or messages, even including personalized emotional triggers, could become easier to construct thanks to AI help. Supported further by multilingual text-generation options, such methods might work on a wider, global scale, which would serve an attacker targeting the critical infrastructure of several states at once.

Ransom negotiation automation – Smooth-talking ransomware operators are rare, but adding a little ChatGPT shine to the communications could lower the workload for attackers trying to seem legitimate during negotiations. This will also mean fewer mistakes that might enable defenders to home in on the true identities and locations of the operators.

Furthermore, thanks to easier video and voice generation with AI (see example here), malicious actors could become anyone, hiding their identities more efficiently. In fact, concerns about AI have become so widespread in this area that many professionals want to stipulate in their contracts a ban on the use of their work for AI purposes.

And if you don’t believe this, check out this video of President Biden, Trump and Obama discussing a videogame, all AI-generated, of course. Imagine how, during a ransomware attack, an online intruder could imitate a highly placed official to ask for access to a network or a system remotely…

Better phone scams – With natural language generation getting more natural, scammers will sound like they are from your area and have your best interests in mind. This is one of the first onboarding steps in a confidence scam: sounding more confident by sounding like they’re one of your people.

As long as scammers generate the right natural cadence for a person’s voice, they can easily fool their victims. The problem with any AI-generated content today, however, is that there is an inherent, let’s say, ‘artificiality’ to it: despite these voices, videos or texts looking legit, they still harbor specific mistakes or issues that are easy to spot, like the way ChatGPT makes false statements or the way its responses can seem to be just regurgitating a Wikipedia page.

All of this does not mean that generative AI cannot be used for brainstorming or to create a base for some work; however, the correctness of the information one is provided should still be checked. The legal ramifications of using AI-generated content (sourced from the net) might also be something to consider.

Critical Infrastructure vs. AI – emerging legislation

As AI starts to play an increasingly important role in cybersecurity, businesses and governments will need to accommodate and use AI to their own advantage – as crooks will definitely try to do the same. From a July 2022 report by Acumen Research and Consulting, the global AI market was $14.9 billion in 2021 and is estimated to reach $133.8 billion by 2030.

Thanks to the growing use of the Internet of Things and other connected devices, cloud-based security services could provide new opportunities for the use of AI. Antivirus, data loss prevention, fraud detection, identity and access management, intrusion detection/prevention systems, and risk and compliance management services already use tools like machine learning to create more resilient protection.

On the flip side, bad actors could also use AI to their advantage. With a large enough market of smart AI, crooks could easily use it to identify patterns in computer systems to reveal weaknesses in software or security programs, enabling them to exploit those newly discovered weaknesses.

So, critical infrastructure could become one of the targets. With AI attacking and defending it, going for a tit-for-tat, security actors and governments will have to remain smart. The European Union is already trying to assess the risks by proposing the EU AI Act, to govern its use in Europe, classifying different AI tools according to their perceived level of risk, from low to unacceptable. Governments and companies using these tools will have different obligations, depending on the risk level.

Some of these AI tools may be considered high risk, such as those used in critical infrastructure. Those using high-risk AIs will likely be obliged to complete rigorous risk assessments, log their activities, and make data available to authorities for scrutiny, which will increase compliance costs for companies. In case a company breaks the rules, the fine would likely be around 30 million euros or up to 6% of their global profits.

Similar rules and ideas are included within the recently proposed EU Cyber Solidarity Act, as government officials try to stay ahead of critical infrastructure attacks.


ESET Announces Integration with Arctic Wolf to Deliver Next-Gen Detection and Response for Businesses

  • ESET Inspect has been integrated into Arctic Wolf’s Managed Detection and Response solution to provide proactive defense via their cloud-native platform and human expertise
  • Arctic Wolf customers will gain access to real-time global telemetry, detailed reports and actionable insights that arm them against more diverse and sophisticated attacks
  • The integration marks an important milestone for ESET as it expands its integrations platform and collaborates with best-in-class technology companies

BRATISLAVA – April 24, 2024 – ESET, a global leader in next-gen digital security for business, today announced a new integration with Arctic Wolf, a global leader in security operations, to ensure increased visibility and protection against modern threats. By integrating ESET Inspect into Arctic Wolf’s Security Operations Platform, Arctic Wolf customers are able to enhance their security posture – aggregating vast amounts of data from diverse, global sources.

“Businesses today and the channel community are demanding technology ecosystems that simplify cybersecurity management, offer complete visibility across a variety of attack surfaces, and bring industry leaders together under one architecture,” said Trent Matchett, Director of Direct Channel Global Sales at ESET. “We have invested significantly in the ESET PROTECT Platform and an open API gateway to empower an impressive catalogue of integration partners moving forward. Arctic Wolf is one of the most trusted MDR vendors in the world, and an exciting milestone for our integrations program.”

Arctic Wolf helps organizations end cyber risk by providing a cloud-native security operations platform, with solutions that include Managed Detection and Response, Managed Risk, Managed Security Awareness, and Incident Response, each delivered through the industry-pioneering Concierge Delivery Model. Arctic Wolf’s Concierge Delivery Model provides tailored risk mitigation guidance and security insights based on the telemetry of the customer’s tech stack, like ESET Inspect, to keep an organization’s environment safe.

“Arctic Wolf and ESET share the common belief that embracing openness and interoperability are essential for helping to deliver the positive cybersecurity outcomes that organizations demand,” said Ian McShane, VP of Managed Detection and Response at Arctic Wolf. “The new ESET PROTECT Platform API allows ESET Inspect data to seamlessly integrate with the Arctic Wolf Platform, which, when combined with the telemetry from other security tools, ensures Arctic Wolf customers get holistic protection against an ever-evolving threat landscape.”

As a result of this integration, Arctic Wolf customers will gain access to:

  • Real-time Incident Response, including Post-Incident Analysis and Remediation:
    ESET Inspect will enable the detection of suspicious activity on a client’s endpoint, sending alerts to Arctic Wolf, who can then conduct a security investigation, confirming the threat and then employing immediate response followed by an analysis of the acquired data to assess the damage and prepare for future threats.
  • Regulatory Compliance:
    Because clients must comply with several regulatory standards that can require detailed logs of all activity on their endpoints, ESET Inspect will provide these logs so that Arctic Wolf can help their customers ensure compliance.
  • Managed Security for Resource-Constrained Organizations:
    Many organizations often lack the resources to house internal security teams, so they contract an outside partner like Arctic Wolf to assist with their cyber defenses. Thanks to ESET Inspect and its data, Arctic Wolf customers will be better equipped to provide a high level of security to organizations of almost any size without them having to hire and train their own security personnel.

ESET Inspect acts as the XDR-enabling module of the ESET PROTECT platform, delivering breach prevention, enhanced visibility and remediation. ESET Inspect is a comprehensive detection and response solution with rich features such as incident detection, incident management and response, data collection, indicators of compromise detection, anomaly detection, behavior detection and policy violations. For more information on ESET Inspect, visit here.

For more information on ESET’s investment on API integrations and opportunities to partner, visit here.

Find more information about how Arctic Wolf can help organizations end cyber risk here.


Spray-and-pray tactics get an upgrade. MSPs face advanced phishing

Cybercriminals leverage AceCryptor and the Rescoms remote access trojan (RAT) to upgrade spam phishing messages so that they are difficult to recognize for both humans and machines. To defend, MSPs automate protection.

When cybersecurity experts and vendors describe phishing attacks, they usually split them into two big groups.

The first group consists of spam campaigns targeting a broad general audience with simple fraudulent messages. This approach has a low success rate but can be easily deployed en masse. The second group involves sophisticated attacks tailored for a specific person or group of people. This requires more time and planning; however, this effort pays off with higher success rates and/or other value that attackers derive.

But there are also attacks that stand somewhere in the middle and benefit from both approaches. For example, their fraudulent messaging is simple and can target broader audiences, but at the same time they are able to avoid the usual phishing red flags, largely because malicious email attachments are obfuscated with specialized tools.

ESET researchers documented such an attack when they discovered an email phishing campaign targeting European businesses.

Advanced phishing campaigns using AI and various evasion techniques are on the rise and can pose a challenge even for managed service providers (MSPs), which aim to deliver seamless IT services, including cybersecurity, to their customers while also keeping in mind their own protection. Risks from these types of campaigns are mounting because even the most focused employees may fall victim to malicious emails despite previous awareness training. Moreover, basic types of anti-phishing protection may be unable to detect these threats.

To address these risks, ESET has beefed up the prevention capabilities, incorporating advanced Anti-Malware, Antispam, and Anti-Phishing protection into ESET PROTECT, a formidable cyber threat prevention, detection, and response platform that MSPs can utilize. Having all these automated layers of protection in one service, ESET PROTECT minimizes the email attack surface, simultaneously reducing the complexity of subsequent security processes.

The most prevalent attack

Year after year, numerous surveys and reports confirm that phishing is the most prevalent attack vector.

The latest ESET H2 2023 Threat Report shows that malicious HTML files sending victims to phishing websites (HTML/Phishing.Agent trojan) remain by far the most numerous type of email threat. Overall, these attacks comprise almost a quarter (23.4 percent) of all cyber threats detected by ESET.

When it comes to the business sector, one in four U.S. companies that faced a cyberattack noticed that the initial vector was phishing in 2022.

Between 2017 and 2023, the proportion of phishing attacks among all cyberattacks reported by U.K. organizations (businesses and charities) rose from 72% to 79%, according to a survey conducted by the U.K. Department for Science, Innovation and Technology. Also, 56% of the surveyed businesses responded that they consider phishing attacks as the most disruptive that businesses face.

Phishing doesn’t have to be simple

Many of these phishing campaigns can be easily dodged by following simple awareness advice. However, as with most things in the world of IT, things are getting more complex and sophisticated — so is phishing.

ESET researchers spotted one of the latest examples of this trend just recently when monitoring the Remote Access Trojan (RAT) Rescoms, also known as Remcos.

RATs are malware that give attackers remote control over an infected computer, and ESET researchers discovered several recent email phishing campaigns using Rescoms and targeting businesses in European countries, including Spain, Poland, Slovakia, Bulgaria, and Serbia.

The goal of these campaigns, run by an unknown actor, was to obtain credentials stored in browsers or email clients, which in the event of a successful compromise would open the possibility of further attacks.

What makes these Rescoms campaigns special is that they use AceCryptor, a cryptor-as-a-service malware that is designed to hide other malware from cybersecurity tools.

In H2 2023, ESET detection engines saw and blocked more than twice as many AceCryptor attacks as in H1 2023.

Moreover, this cryptor wasn’t the only tool that did its bit. In order to make phishing emails look as credible as possible, the threat actor deployed several strategies:

  • All emails look like B2B offers for the victim companies.
  • Email addresses used to send spam emails were imitating domains of other companies.
  • Business email compromise (BEC) was involved in multiple campaigns — attackers abused previously compromised email accounts of other company employees to send spam emails.
  • Attackers did their research and used existing companies and even existing employees’/owners’ names and contact information when they were signing those emails.
  • The content of emails was in many cases quite elaborate.

Translated message:

Dear Sir,

I am Sylwester [redacted] from [redacted]. Your company was recommended to us by a business partner. Please quote the attached order list. Please also inform us about the payment terms.

We look forward to your response and further discussion.

Best Regards,

How to defend

Because regular cybersecurity awareness training for employees may not be enough, and MSPs often need to take care not only of their own protection but also of their clients’ protection, the answer to this situation must be multilayered protection.

The main idea is to protect businesses during several stages of the attack — when a malicious email arrives in the mailbox, when an employee opens it, when they click on an attached link or file, and when malware enters the company’s system if all previous defenses were avoided.

For example, look at the multilayered protection incorporated in the ESET PROTECT Platform:

  • Anti-Spam technology filters spam messages with almost 100% accuracy.
  • Anti-Phishing prevents users from accessing web pages known for phishing by parsing message bodies and subject lines to identify URLs. URLs are then compared against the phishing database and rules to determine the presence of a phishing attempt.
  • Anti-malware scans email attachments to determine whether they are malicious, unknown, or safe.
  • ESET’s in-product Sandbox assists in identifying the real behavior hidden underneath the surface of obfuscated malware.
  • If ESET Mail Security is unsure of the potential threat, it can forward the attachment to the proactive cloud-based threat defense tool called ESET LiveGuard Advanced. It analyzes samples in a cloud sandbox, and then submits the result back to Mail Security within minutes.
  • If the malicious attachment is opened, it will face ESET Endpoint Security monitoring and evaluating all executed applications based on their behavior and reputation. It is designed to detect and block suspicious processes.
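As an added illustration of the checks described above (parsing subject and body for URLs, comparing them against a phishing list, and catching a sender domain that imitates a known partner), here is example code written for this page, not ESET’s implementation; the blocklist, partner domains, risky extensions and sample message are all constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample data: a phishing-host blocklist, trusted partner domains, and extensions to flag.
PHISHING_DOMAINS = {"login-portal-secure.example", "invoice-check.example"}
PARTNER_DOMAINS = {"acme-supplies.example"}
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".iso")
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)

def lookalike(domain: str, trusted: str) -> bool:
    """True if `domain` is within one character edit of `trusted` but not equal to it."""
    if domain == trusted or abs(len(domain) - len(trusted)) > 1:
        return False
    if len(domain) == len(trusted):
        return sum(a != b for a, b in zip(domain, trusted)) == 1
    short, long_ = sorted((domain, trusted), key=len)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))

def classify_email(raw: bytes) -> list[str]:
    """Return the phishing indicators found in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    # Layer 1: sender domain imitating a known partner (lookalike check).
    sender_domain = msg["From"].addresses[0].domain.lower()
    for trusted in PARTNER_DOMAINS:
        if lookalike(sender_domain, trusted):
            findings.append(f"sender domain {sender_domain} imitates {trusted}")
    # Layer 2: URLs from subject and body compared against the phishing list.
    body = msg.get_body(("plain",))
    text = (msg["Subject"] or "") + "\n" + (body.get_content() if body else "")
    for host in URL_RE.findall(text):
        if host.lower() in PHISHING_DOMAINS:
            findings.append(f"known phishing URL host {host.lower()}")
    # Layer 3: attachments with risky executable extensions.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment {name}")
    return findings

def constructed_sample() -> bytes:
    """A constructed message modelled on the B2B quotation lure quoted in the article."""
    msg = EmailMessage()
    msg["From"] = "Sylwester <orders@acme-supp1ies.example>"  # digit 1 in place of letter l
    msg["Subject"] = "Request for quotation"
    msg.set_content("Your company was recommended to us by a business partner.\n"
                    "Please quote the attached order list: https://invoice-check.example/order\n")
    msg.add_attachment(b"MZ-placeholder", maintype="application",
                       subtype="octet-stream", filename="order_list.exe")
    return msg.as_bytes()
```

Running `classify_email(constructed_sample())` returns three findings, one per layer; in production the blocklist and partner list would come from a maintained feed rather than constants.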

Such multilayered and automated protection can detect even advanced phishing email threats such as the recent Rescoms campaigns. In fact, ESET PROTECT placed second in the latest AV-Comparatives Awards, with 99.9% of malware samples blocked and zero false positives in the enterprise category. Overall, ESET received a Top-Rated Product Award in 2023.

Battling alert fatigue

An important part of an MSP’s defense is also mitigation of alert fatigue, a situation where IT admins are so overwhelmed by alerts that they miss or ignore serious issues.

To make MSP admins’ lives easier, the ESET PROTECT Platform allows admins to automate a variety of actions, including the resolution of sophisticated incidents. ESET also has a comprehensive MSP program with subscription flexibility, a unified ecosystem, automated responses, and integrations with the major RMM and PSA players.

All these efforts have been proven to decrease disruptions in the daily workflow of ESET customers:

“Day-to-day life doesn’t tend to get overly disrupted with ESET, which is brilliant for the help desk. They don’t want to be receiving calls, truth be told. But we want to be ensured that we are on top of things, and our customers can work without having to chew up too much of our time,” says Andrew Owens, Head of Sales at Risc IT Solutions, a cloud solutions provider cooperating with ESET for the last 10 years.

Mastering vigilance without burnout

It is estimated that there are 361 billion emails sent and received daily around the world, with more than 45 percent of them spam. With such a plentiful threat landscape, it is important for businesses to be prepared for attacks on an almost daily basis without wearing down the IT team.

Having a highly automated security ecosystem from a global leader in digital security is a great way to master vigilance in the world of constant cyberthreats.

