ESET has published its Threat Report for the first half (H1) of 2023, which presents trends in the threat landscape captured by the company's detection systems from December 2022 to May 2023.
The first half of 2023 saw developments that highlight the remarkable adaptability of cybercriminals and their adoption of new attack methods: exploiting vulnerabilities, gaining unauthorized access, compromising sensitive information and deceiving users. One reason for the shift in attack patterns is the stricter security policies introduced by Microsoft, particularly regarding the opening of files that contain macros. ESET telemetry also suggests that the operators of the once-infamous Emotet botnet struggled to adapt to the shrinking attack surface, possibly indicating that a different group has taken over the botnet.
In the ransomware field, threat actors reused previously leaked source code to create new ransomware variants. During the first half of 2023, sextortion scam emails also made a comeback, and ESET noticed an alarming increase in the number of fraudulent loan applications for Android.
According to the report, in an attempt to bypass Microsoft's security measures, attackers in the first half of 2023 replaced Office macros with weaponized OneNote files, taking advantage of the ability to embed scripts and files directly into OneNote notebooks. In response, Microsoft adjusted the default setting, prompting cybercriminals to keep looking for alternative attack methods; the intensified brute-force attacks against Microsoft SQL servers may be one of the tried-and-tested replacement approaches.
"The source code leaks of ransomware families such as Babuk, LockBit and Conti allow amateurs to take part in ransomware activity, but at the same time they allow us as defenders to cover a wider range of variants with a more general or known set of detections and rules," says Roman Kováč, head of research at ESET.
While threats targeting cryptocurrencies are steadily decreasing in ESET telemetry, cryptocurrency-related cybercriminal activity continues, with cryptomining and cryptostealing capabilities increasingly incorporated into more versatile malware strains. This development follows a pattern seen in the past, such as when keylogger malware was initially identified as a separate threat but eventually became a common feature of many malware families.
Looking at other threats focused on financial gain, ESET researchers noticed the return of so-called sextortion scam emails, which exploit people's fears about their online activities, as well as an alarming increase in fraudulent Android loan applications that masquerade as legitimate personal loan services and prey on vulnerable people with urgent financial needs.