The H1 2023 threat landscape has revealed new developments and trends in cybercriminal activity, according to ESET telemetry and their threat detection and research experts. In their latest issue of the ESET Threat Report, the company has made changes to make the content more engaging and accessible for readers.
One notable change in this issue is the presentation of data. Instead of detailing all data changes within each detection category, ESET has chosen to provide more in-depth analyses of selected significant developments. For those seeking a comprehensive overview of the telemetry data in each category, they can refer to the full set of charts and figures in the dedicated Threat Telemetry section.
Another notable update is the change in publication frequency. The ESET Threat Report will now be released semiannually, instead of three times a year. In this issue, the focus is on the highlights of H1 2023, covering the period from December 2022 through May 2023. Comparisons in this issue are made against H2 2022, which refers to the timeframe from June 2022 through November 2022.
The reports from H1 2023 show that cybercriminals have displayed remarkable adaptability and have relentlessly pursued new avenues to achieve their nefarious goals. They have exploited vulnerabilities, gained unauthorized access, compromised sensitive information, and defrauded individuals. One reason for the shifts in attack patterns is the stricter security policies introduced by Microsoft, particularly regarding the opening of macro-enabled files. In an attempt to bypass these measures, attackers have substituted macros with weaponized OneNote files, leveraging the capability of embedding other files directly into OneNote. Microsoft responded by readjusting their security measures, prompting cybercriminals to explore alternative intrusion vectors. One such approach that intensified in H1 2023 is brute-force attacks against Microsoft SQL servers.
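The brute-force attacks against Microsoft SQL servers mentioned above leave a recognisable trail in the SQL Server ERRORLOG: repeated "Login failed for user" entries from the same client address. The following is an added defender-side example, not code from the ESET report, that parses constructed log lines in that format and flags any client exceeding a failure threshold within a sliding time window. The log lines, the threshold of 5 and the one-minute window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in SQL Server ERRORLOG style (not real telemetry):
# one client hammering 'sa' and 'admin', one client with a couple of
# ordinary typos, plus unrelated engine lines that must be ignored.
SAMPLE_ERRORLOG = """\
2023-03-14 10:22:01.45 Logon       Error: 18456, Severity: 14, State: 8.
2023-03-14 10:22:01.45 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-03-14 10:22:01.61 Logon       Error: 18456, Severity: 14, State: 8.
2023-03-14 10:22:01.61 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-03-14 10:22:02.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-03-14 10:22:02.55 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.5]
2023-03-14 10:22:03.02 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-03-14 10:22:03.48 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-03-14 10:22:05.00 spid52      Starting up database 'tempdb'.
2023-03-14 10:30:15.00 Logon       Login failed for user 'reportuser'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.23]
2023-03-14 10:45:02.12 Logon       Login failed for user 'reportuser'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.23]
"""

# Matches only the "Login failed" line; the preceding "Error: 18456" line
# carries no user or client and is deliberately skipped.
LOGIN_FAILED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<client>[^\]]+)\]"
)


def parse_failed_logins(log_text):
    """Return a list of (timestamp, user, client) tuples for failed logins."""
    events = []
    for line in log_text.splitlines():
        m = LOGIN_FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f")
        events.append((ts, m.group("user"), m.group("client")))
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Flag clients whose failed logins within any `window` reach `threshold`.

    Uses a per-client sliding window (a deque of timestamps) so that a slow
    trickle of genuine typos spread over hours is not reported.
    """
    recent = defaultdict(deque)   # client -> timestamps inside the window
    users = defaultdict(set)      # client -> user names tried
    peak = defaultdict(int)       # client -> highest count seen in one window
    for ts, user, client in sorted(events):
        q = recent[client]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        users[client].add(user)
        peak[client] = max(peak[client], len(q))
    return {
        client: {"peak_failures": peak[client], "users": sorted(users[client])}
        for client in peak
        if peak[client] >= threshold
    }


if __name__ == "__main__":
    for client, info in detect_bruteforce(parse_failed_logins(SAMPLE_ERRORLOG)).items():
        print(f"{client}: {info['peak_failures']} failures in one window, users tried: {info['users']}")
```

Running this against the constructed sample flags only 203.0.113.5 (six failures inside one minute, targeting `sa` and `admin`); the two spaced-out failures from 10.0.0.23 stay under the threshold. In a real deployment the same logic would be fed from the ERRORLOG or from the audit events SQL Server can emit, and the flagged addresses would be handed to the firewall or SIEM rather than printed.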
Furthermore, the telemetry data also suggests that the operators of the once-notorious Emotet botnet have struggled to adapt to the shrinking attack surface. This struggle may indicate that a different group has acquired the botnet. In the ransomware arena, actors have increasingly reused previously leaked source code to build new ransomware variants. While this allows amateurs to engage in ransomware activities, it also enables defenders, like ESET, to cover a broader range of variants with a more generic set of rules and detections.
Although the telemetry data shows a decline in cryptocurrency threats, cryptocurrency-related cybercriminal activities continue to persist. These activities have seen the incorporation of cryptomining and cryptostealing capabilities into more versatile malware strains. This evolution follows a pattern observed in the past when keyloggers were initially identified as a separate threat but eventually became a common capability of many malware families.
Aside from cryptocurrency threats, other threats focused on financial gain have emerged. Sextortion scam emails have made a comeback, exploiting individuals’ fears related to their online activities. Additionally, there has been an alarming growth in deceptive Android loan apps masquerading as legitimate personal loan services. These apps take advantage of vulnerable individuals with urgent financial needs.
In conclusion, the H1 2023 threat landscape has revealed the adaptability and relentless nature of cybercriminals. They have adjusted their attack patterns to bypass security measures, reused source code for ransomware variants, and incorporated cryptocurrency-related capabilities into malware strains. It is crucial for individuals and organizations to stay informed about these evolving threats and take necessary measures to protect themselves.

