ESET Threat Report T3 2022: When war meets cyberspace – the impact of Russia's invasion on digital threats
Created: 2023-02-13 07:55:59
- Since the start of the Russian invasion of Ukraine, ransomware has increased its destructive capabilities; in T3, several ransomware-mimicking wipers appeared in connection with the war, targeting Ukrainian entities.
- RDP password-guessing attacks remained down in T3 2022, with daily averages oscillating around 100 million attack attempts (compared to 1 billion in T1 2022).
- Despite patches having been available since December 2021, exploitation attempts of Log4j grew by 9% in T3 2022.
- Cryptocurrency threats declined by 25% in T3 2022, with detections almost cut in half in a year-on-year comparison; while crimeware is decreasing, cryptocurrency-related scams are rising.
- Banking malware detections more than doubled in a year-on-year comparison.
- Android detections grew by 57% in T3 2022, with Adware, HiddenApps, and Spyware driving the increase.
BRATISLAVA — February 8, 2023 — ESET released today its T3 2022 Threat Report, summarizing key statistics from ESET detection systems and highlighting notable examples of ESET’s cybersecurity research. The latest issue of the ESET Threat Report (covering October to December 2022) highlights the impact of the ongoing war on Ukraine and its effects on the world, including cyberspace. The invasion continues to have a major impact on energy prices, inflation, and cyberthreats, with the ransomware scene experiencing some of the biggest shifts.
"The ongoing war in Ukraine has created a divide among ransomware operators, with some supporting and others opposing the aggression. Attackers have also been using increasingly destructive tactics, such as deploying wipers that mimic ransomware and encrypt the victim’s data with no intention of providing a decryption key," explains Roman Kováč, Chief Research Officer at ESET.
The war also affected brute-force attacks against exposed RDP services, but despite the decline of these attacks in 2022, password guessing remains the most favored network attack vector. The Log4j vulnerability, patches for which have been available since December 2021, still placed second in the external intrusion vector ranking.
The report also explains the impact of cryptocurrency exchange rates and soaring energy prices on various crypto-threats, with cryptocurrency-related scams experiencing a renaissance. ESET products blocked an increase of 62% in cryptocurrency-themed phishing websites in T3, and the FBI recently issued a warning about a surge in new crypto-investment schemes. Overall infostealer detections trended down in both T3 and the whole of 2022; however, banking malware was an exception, with detections doubling in a year-on-year comparison.
Other trends in T3 include increased phishing activity impersonating online shops during the holiday season and the rise in Android adware detections due to malicious versions of mobile games being placed on third-party app stores before Christmas. "The Android platform also saw an increase in spyware throughout the year, due to easy-to-access spyware kits available on various online forums and used by amateur attackers," added Kováč.
The ESET T3 2022 Threat Report also reviews the most important findings and achievements by ESET researchers. They discovered a MirrorFace spearphishing campaign against high-profile Japanese political entities, and new ransomware named RansomBoggs that targets multiple organizations in Ukraine and has Sandworm’s fingerprints all over it. ESET researchers also discovered a campaign conducted by the infamous Lazarus group that targets its victims with spearphishing emails containing documents with fake job offers; one of the lures was sent to an aerospace company employee. As for supply-chain attacks, ESET experts found a new wiper and its execution tool, which they have both attributed to the Agrius APT group, aiming at users of an Israeli software suite used in the diamond industry.
Besides these findings, the report also summarizes the many talks given by ESET researchers in recent months and introduces talks planned for both the RSA Conference and Botconf.
For more information, check out the ESET Threat Report T3 2022 on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.
About ESET
ESET develops software solutions that deliver instant, comprehensive protection against evolving computer security threats. ESET pioneered and continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus, its flagship product, consistently achieves the highest accolades in all types of comparative testing and is the foundational product that builds out the ESET product line to include ESET Smart Security. ESET Smart Security is an integrated antivirus, antispyware, antispam and personal firewall solution that combines accuracy, speed and an extremely small system footprint to create the most effective security solution in the industry. Both products have an extremely efficient code base that eliminates the unnecessary large size found in some solutions. This means faster scanning that doesn’t slow down computers or networks. Sold in more than 160 countries, ESET has worldwide production headquarters in Bratislava, SK and worldwide distribution headquarters in San Diego, U.S. ESET also has offices in Bristol, U.K.; Buenos Aires, AR; Prague, CZ; and is globally represented by an extensive partner network. For more information, visit our local office at https://eset.version-2.sg.
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities. For more information, please visit https://www.version-2.com.sg/ or call (65) 6296-4268.