A view of the H1 2023 threat landscape as seen by ESET telemetry and from the perspective of an ESET threat detection and research expert
We are pleased to present the latest issue of ESET Threat Report, which brings changes aimed at making its content more engaging and accessible. One important modification is our new approach to data presentation: rather than detailing all data changes in each detection category, our intention is to provide a more in-depth analysis of selected and important developments. For those looking for a comprehensive overview of the telemetry data associated with each category, we’ve included a full range of charts and figures in the dedicated Threat Telemetry section.
Another important update is the change in publication frequency, moving from a triannual to a semiannual release schedule. In this issue, we focus on the H1 2023 highlights, covering the period from December 2022 to May 2023. When comparing this period to Semester 2 2022, we are referring to the timeframe from June 2022 to November 2022.
In Semester 1 2023, we observed trends highlighting the incredible adaptability of cybercriminals and the relentless search for new paths to achieve their nefarious ends – whether through exploiting vulnerabilities, gaining unauthorized access, compromising sensitive information, or defrauding individuals. One of the reasons for the shift in attack patterns is the stricter security policies introduced by Microsoft, particularly in opening files that support macros. In a new attempt to bypass these steps, attackers replaced macros with weaponized OneNote files in Semester 1 2023, taking advantage of the ability to embed other files directly into OneNote. In response, Microsoft readjusted, encouraging cybercriminals to continue exploring alternative intrusion vectors, with intensifying brute-force attacks against Microsoft SQL servers which may be one of the approaches tested.
Our telemetry data also shows that operators of the once-famous Emotet botnet have struggled to adapt to a shrinking attack surface, possibly indicating that another group is acquiring the botnet. In the ransomware arena, actors are increasingly reusing previously leaked source code to create new ransomware variants. While this allows amateurs to engage in ransomware activity, it also allows defenders like us to cover a wider range of variants, including emerging ones, with a more general set of rules and detections.
Although the threat of cryptocurrencies continues to decline in our telemetry – not even resurrected by the recent increase in the value of bitcoin – cybercrime activity related to cryptocurrencies continues to persist, with the capabilities of crypto mining and crypto theft being increasingly fed into more versatile types of malware. . This evolution follows a pattern observed in the past, when malware such as keyloggers were initially identified as a separate threat, but eventually became a common capability of many malware families.
Looking at other threats focused on financial gain, we observed a return of so-called sextortion email scams, exploiting people’s fears regarding their online activities, and an alarming growth of deceptive Android loan apps masquerading as legitimate personal loan services, exploiting vulnerabilities. individuals with urgent financial needs.
I wish you reading insight.
Follow ESET Research on Twitter for regular updates on top trends and top threats.