ESET Threat Report H2 2023

The ESET Threat Report H2 2023 is now available, shedding light on the dynamic and evolving threat landscape as seen through ESET telemetry.

Notable cybersecurity incidents captured the attention of experts, with significant shifts observed in the strategies employed by threat actors across various domains.

The report notes that ransomware took center stage as the notorious Cl0p cybercriminal group executed the extensive “MOVEit hack,” targeting a wide array of organizations, including global corporations and US governmental agencies. This attack was surprising in that it did not involve the typical ransomware deployment. Instead, the group opted to leak stolen information on publicly accessible websites when ransom demands were not met. The ALPHV ransomware gang mirrored this approach, signifying a shift in tactics within the ransomware landscape.

In the realm of IoT, researchers identified a kill switch that effectively neutralized the Mozi IoT botnet, a significant discovery given the botnet’s substantial size over the past three years. However, the circumstances surrounding the botnet’s sudden downfall raise questions about the origin of the kill switch, prompting speculation about potential involvement by the botnet’s creators or by Chinese law enforcement. Furthermore, the emergence of the Android/Pandora threat posed a new challenge by compromising Android devices, including smart TVs, TV boxes, and mobile devices, for use in DDoS attacks.

The report also highlighted the increasing prevalence of AI-themed attacks, with specific campaigns targeting users of tools like ChatGPT. Notably, there were numerous attempts to access malicious domains with names resembling “chapgpt,” indicating a concerted effort to exploit vulnerabilities associated with the ChatGPT chatbot. The rise in Android spyware cases, attributed to the SpinOk spyware distributed within legitimate Android applications, underscored the need for heightened vigilance and security measures.

The persistence of threats such as three-year-old malicious JavaScript code (JS/Agent) and the Magecart threat targeting unpatched websites emphasized the critical importance of implementing robust security measures to mitigate potential risks. Despite the increasing value of bitcoin, the report revealed a deviation from past trends: the corresponding increase in cryptocurrency threats did not materialize. However, the rise of cryptostealers, particularly the malware-as-a-service (MaaS) infostealer Lumma Stealer targeting cryptocurrency wallets, indicated a notable surge in this domain.

The full report is available here: https://web-assets.esetstatic.com/wls/en/papers/threat-reports/eset-threat-report-h22023.pdf