ESET Threat Report: The remarkable adaptability of cybercriminals, the comeback of sextortion scams, and a rise in deceptive loan apps
Created: 2023-07-17 03:11:52
- The H1 2023 ESET Threat Report highlights the remarkable adaptability of cybercriminals: through exploiting vulnerabilities, gaining unauthorized access, compromising sensitive information, or defrauding individuals.
- Attackers developed new methods to attempt to bypass Microsoft security measures, including using weaponized OneNote files instead of Office macros. ESET researchers observed the comeback of so-called sextortion scam emails and an alarming growth of deceptive Android loan apps.
- ESET telemetry data also suggests that operators of the Emotet botnet have struggled to adapt, possibly indicating that a different group acquired the botnet.
- Leaked source code of ransomware families such as Babyk, LockBit, and Conti has been increasingly used in the development of new ransomware variants in H1 2023.
- The H1 2023 Threat Report covers December 2022 through May 2023, transitioning from a triannual to a semiannual release schedule.
BRATISLAVA — July 11, 2023 — ESET has released its latest Threat Report, which summarizes threat landscape trends seen in ESET telemetry from December 2022 through May 2023. In H1 2023, we observed developments highlighting cybercriminals’ remarkable adaptability and pursuit of new avenues of attack: exploiting vulnerabilities, gaining unauthorized access, compromising sensitive information, and defrauding individuals. One of the reasons for shifts in attack patterns is stricter security policies introduced by Microsoft, particularly on opening macro-enabled files. ESET telemetry data also suggests that operators of the once-notorious Emotet botnet have struggled to adapt to the shrinking attack surface, possibly indicating that a different group acquired the botnet. In the ransomware arena, actors increasingly reused previously leaked source code to build new ransomware variants. During the first half of 2023, sextortion email scams made a comeback, and ESET observed an alarming growth in the number of deceptive Android loan apps.
According to the report, in a new attempt to bypass Microsoft security measures, attackers substituted Office macros with weaponized OneNote files in H1 2023, leveraging the capability to embed scripts and files directly into OneNote. In response, Microsoft adjusted the default setup, prompting cybercriminals to continue exploring alternative intrusion vectors, with intensifying brute-force attacks against Microsoft SQL servers potentially representing one of the tested replacement approaches.
“Regarding the leaked source code of ransomware families such as Babyk, LockBit, and Conti, these allow amateurs to engage in ransomware activities, but at the same time enable us as defenders to cover a broader range of variants with a more generic or well-known set of detections and rules,” says ESET Chief Research Officer Roman Kováč.
While cryptocurrency threats have been steadily declining in ESET telemetry – not even being resurrected by the recent increase in bitcoin's value – cryptocurrency-related cybercriminal activities continue to persist, with cryptomining and cryptostealing capabilities being increasingly incorporated into more versatile malware strains. This evolution follows a pattern observed in the past, such as when keylogger malware was initially identified as a separate threat, but eventually became a common capability of many malware families.
Looking at other threats focused on financial gain, ESET researchers observed the comeback of so-called sextortion scam emails, exploiting people’s fears related to their online activities, and an alarming growth in deceptive Android loan apps masquerading as legitimate personal loan services and taking advantage of vulnerable individuals with urgent financial needs.
For more information, check out the ESET Threat Report H1 2023 on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.
About ESET
ESET develops software solutions that deliver instant, comprehensive protection against evolving computer security threats. ESET pioneered and continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus, its flagship product, consistently achieves the highest accolades in all types of comparative testing and is the foundational product that builds out the ESET product line to include ESET Smart Security. ESET Smart Security is an integrated antivirus, antispyware, antispam and personal firewall solution that combines accuracy, speed and an extremely small system footprint to create the most effective security solution in the industry. Both products have an extremely efficient code base that eliminates the unnecessary large size found in some solutions. This means faster scanning that doesn’t slow down computers or networks. Sold in more than 160 countries, ESET has worldwide production headquarters in Bratislava, SK and worldwide distribution headquarters in San Diego, U.S. ESET also has offices in Bristol, U.K.; Buenos Aires, AR; Prague, CZ; and is globally represented by an extensive partner network. For more information, visit our local office at https://eset.version-2.sg.
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities. For more information, please visit https://www.version-2.com.sg/ or call (65) 6296-4268.