ESET Threat Report H1 data

by admin

ESET’s Threat Report publishes data on cyberthreats detected in the first half of this year and records new cybercrime trends. The data shows the remarkable adaptability of cybercriminals and their search for new ways of attack, for example exploiting vulnerabilities, obtaining unauthorized access, compromising sensitive information and carrying out various actions for fraudulent purposes.

One reason for the change in attack patterns is the stricter security criteria introduced by Microsoft, particularly regarding the opening of macro-enabled files. ESET telemetry data shows that operators of the Emotet botnet have struggled to adapt to the attack surface reduction implemented by Microsoft’s new security policies. This could indicate that the botnet is now being run by another set of attackers.

See under ransomware entry

In the ransomware arena, operators have increasingly continued to exploit previously disclosed source code to create new ransomware variants. According to the report, in a new attempt to bypass Microsoft’s security measures, attackers replaced Office macros with modified OneNote files, leveraging the ability to embed scripts and files directly into OneNote. In response, Microsoft changed the default setting, prompting cybercriminals to continue exploring alternative intrusion vectors. Brute-force attacks against Microsoft SQL servers are intensifying and could be one of the substitute approaches being tested.

More defenses for protection

Roman Kováč, Chief Research Officer at ESET
The source codes of ransomware like Babyk, LockBit and Conti allow less experienced groups to engage in ransomware activity. But at the same time they allow us defenders to cover a wider range of variations with a more generic or familiar set of detections and rules.

ESET Threat Report: cryptocurrency threats as well

Cryptocurrency-related threats are steadily declining in ESET’s telemetry detections, but cybercriminal activity related to cryptocurrencies persists, with cryptomining and cryptostealing capabilities increasingly integrated into more versatile malware strains. This evolution follows a pattern seen in the past, such as when keylogger malware was first identified as a separate threat and eventually became a common feature of many malware families.

The other threats detected

Looking at other threats that are aimed more at obtaining a major economic return, ESET observed in the first half of 2023 the resurgence of so-called sextortion emails, which exploit people’s fears about their online activities. It also observed an alarming growth of deceptive Android apps that allow users to apply for loans. Masquerading as legitimate personal credit services, they prey on vulnerable individuals with urgent financial needs.
