ESET T3 Threat Report 2022
A view of the T3 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
In 2022, an unprovoked and unjustified attack on Ukraine shocked the world, bringing devastating effects to the country and its people. The war continues to affect everything from energy prices and inflation to cyberspace, which has been monitored extensively by ESET researchers and analysts throughout the year.
Among the visible effects in cyberspace, the ransomware scene is experiencing some of the biggest changes. Since the invasion’s inception, we’ve seen divisions among ransomware operators, with some supporting and others opposing this aggression. Attackers have also used increasingly destructive tactics, such as deploying wipers that mimic ransomware and encrypt victims’ data without the intention of providing decryption keys.
As you will read in the ESET Threat Report T3 2022, war has also influenced brute-force attacks against exposed RDP services, with these attacks taking a sharp nosedive in 2022. Another factor that may have contributed to this slump, besides war, is the decline in jobs remote control, better setup and countermeasures by enterprise IT departments, and new brute-force blocking features built into Windows 11. Most RDP attacks detected in 2022 originate from Russian IP addresses.
Even with the decline in RDP attacks, password guessing was still the most preferred network attack vector in Q3 2022. And although a workaround for the Log4J vulnerability was available since December 2021, it still took second place in the ranking of external intrusion vectors. Various crypto threats are affected by the drop in cryptocurrency exchange rates on the one hand and soaring energy prices on the other hand. While traditional crimeware such as cryptostealers and cryptominers are in decline, cryptocurrency-related scams have experienced a resurgence: cryptocurrency-themed phishing websites blocked by ESET products increased by 62% in T3, and the FBI recently issued an alert about a new crypto surge. – investment scheme.
The many holidays celebrated in December lead to an increase in phishing activity disguised as online shops, as people buying gifts online are very lucrative targets for cybercriminals. And when mobile game developers roll out new releases before the Christmas season, attackers exploit the hype by uploading their maliciously modified versions to third-party app stores. In contrast, we observed a significant increase in Android adware detection in Q3 2022.
The Android platform has also seen an increase in spyware over the years, due to easily accessible spyware kits available in various online forums and used by amateur attackers. And while overall infostealer detections are likely to fall in Q3 and throughout 2022, banking malware is an exception, with detections doubling in year-over-year comparisons.
The final months of 2022 were filled with exciting ESET research findings. Our researchers uncovered MirrorFace’s spearphishing campaign against a well-known Japanese political entity, and a new ransomware called RansomBoggs that targets multiple organizations in Ukraine and has Sandworm fingerprints on it. ESET researchers also uncovered a campaign by the well-known Lazarus group that targeted its victims with spearphishing emails containing documents with fake job offers; one of the lures was sent to an aerospace company employee. Regarding supply chain attacks, we found a new wiper and execution tool, both of which we associate with the Agrius APT group, which are aimed at users of Israeli software suites used in the diamond industry.
As usual, ESET researchers take many opportunities to share their expertise at conferences, appearing on AVAR, Ekoparty and others, where they dive deep into the technical aspects of most of the aforementioned ESET Research findings. For the months ahead, we’re excited to invite you to ESET talks on Botconf, RSA Conferences, and more.
I wish you reading insight.
If you don’t want to read the full report, you can also listen to the audio version via ESET Research Podcasts, where ESET Security Awareness Specialist Ondrej Kubovic and ESET Distinguished Researcher Aryeh Goretsky investigate the findings mentioned in the latest issue. If you don’t want to miss new episodes of the ESET Research Podcast, subscribe via Spotify, Google Podcasts, Apple Podcastsor PodBeans.
Follow ESET Research on Twitter for regular updates on top trends and top threats.