Global digital security company ESET has released its latest Threat Report, which summarizes the threat landscape trends seen in ESET telemetry and ESET expert observations from June 2023 to November 2023.
The second half of 2023 saw significant cyber security incidents. Cl0p, a notorious cybercriminal group known for carrying out large-scale ransomware attacks, gained attention through the extensive “MOVEit hack”, which surprisingly did not involve the deployment of ransomware.
Across the IoT landscape, ESET researchers identified a kill switch that had been used to successfully disable the Mozi IoT botnet. Amidst the debate about AI attacks, ESET has identified specific campaigns targeting users of tools such as ChatGPT and the OpenAI API. In terms of spyware, there has been a significant increase in Android spyware cases, which is mainly attributed to the presence of the SpinOk threat.
“The Cl0p attack targeted numerous organizations, including multinational corporations and government agencies in the US. A key change in Cl0p's strategy was its move to leak the stolen information on public websites when the ransom was not paid, a trend also seen with the ALPHV ransomware gang," explains Jiří Kropáč, Director of Threat Detection at ESET .
A new threat against IoT devices, Android/Pandora, compromised Android devices – such as smart TVs, TV boxes and mobile devices – and used them for DDoS attacks. ESET Research also observed a significant number of attempts to access malicious domains with names similar to “ChatGPT”, apparently in reference to the ChatGPT chatbot. Threats addressed through these domains include web applications that insecurely manipulate OpenAI API keys, highlighting the importance of protecting the privacy of users' OpenAI API keys.
Among Android threats, SpinOK spyware is distributed as a software development package and found inside various legitimate Android applications. On a different front, the second most recorded threat in H2 2023 is malicious JavaScript code detected as JS/Agent, which continues to be injected into compromised websites.
On the other hand, the increase in the value of bitcoin has not been accompanied by a corresponding increase in threats against cryptocurrencies, which deviates from previous trends. However, cryptostealers (crypto-stealing malware) have seen a notable increase, driven by the rise of the malware-as-a-service infostealer Lumma Stealer, which targets cryptocurrency wallets.
For more information, you can read the ESET Second Half 2023 Threat Report.