HomeCII/OTSextortion, digital extortion, and SQL brute-force: The rising threats of cybercrime.

Sextortion, digital extortion, and SQL brute-force: The rising threats of cybercrime.

Published on

spot_img

Sextortion emails and other text-based threats have seen a significant increase in the first half of 2023, leaving experts puzzled as to the reasons behind this surge. The latest ESET Threat Report sheds light on this trend and explores other noteworthy developments in the cybercrime landscape. Evidently, cybercriminals are revisiting old attack avenues and exploring new ways to target their victims.

One intrusion vector that has regained the attention of cybercriminals is MS SQL servers, which have experienced a renewed wave of brute force attacks. These attacks involve cybercriminals repeatedly attempting various password combinations until they gain unauthorized access to the targeted servers. This highlights the importance of strengthening the security measures surrounding MS SQL servers to prevent potential breaches.

Moreover, another concerning practice observed by ESET researchers involves malicious Android apps engaging in usury. In regions near the equator and the southern hemisphere, cybercriminals leverage these apps to pressure and threaten victims into paying exorbitant interest rates on short-term loans, despite the fact that these criminals often fail to provide the promised loans. This underscores the need for heightened awareness regarding the risks associated with downloading and using unauthorized apps.

However, amidst these alarming trends, there is some positive news. The notorious Emotet botnet, known for its malicious activities, displayed minimal activity in the first half of 2023. It only conducted a few minor and ineffective spam campaigns in March before going silent. Researchers observed a new functionality resembling a debugging output, which suggests that Emotet might have been sold to another threat group struggling to navigate its intricacies.

Additionally, ESET researchers and their partners at Flare Systems successfully disrupted the Redline stealer, a highly problematic malware-as-a-service (MaaS) utilized by criminals to steal sensitive information and distribute other malware. By targeting the chain of GitHub repositories crucial for operating RedLine control panels, the researchers managed to disrupt the MaaS’s infrastructure. This setback forces the operators behind Redline to seek alternative methods to continue their malicious activities.

To delve deeper into the topics covered in the ESET Threat Report for H1 2023, listeners are encouraged to tune in to the latest episode of the ESET Research podcast hosted by Aryeh Goretsky. In this episode, Security Awareness Specialist Ondrej Kubovič discusses the various findings and insights highlighted in the report.

For a comprehensive overview of the entire report, including discussions on cryptocurrency threats, malicious OneNote files, the first double supply-chain attack orchestrated by the Lazarus group, and the latest developments in the realm of ransomware, interested individuals can access the full report here.

In conclusion, the evolving threat landscape continues to challenge cybersecurity professionals, necessitating constant vigilance and adaptable defense strategies. The rise of sextortion emails, brute force attacks on MS SQL servers, Android apps engaging in usury, and other cyber threats underscores the need for organizations and individuals to remain proactive in safeguarding their digital assets and personal information.

Source link

Latest articles

Hackers Exploit Trusted Microsoft Domain and One-Time Codes to Hijack Corporate Accounts

Rising Phishing Threat Exploits Microsoft Authentication Flows A new phishing technique has surfaced, capitalizing on...

NCA Warns Parents About Exploitation of Shared Child Photos by AI

The National Crime Agency (NCA) has initiated a significant campaign aimed at educating parents...

Single Points of Failure Are Problematic: The SaaS Layer Is No Exception

Lessons in IT Resilience: The Inevitable Nature of Failure and the Case for Redundancy In...

AI Isn’t Bridging the Skills Gap — It’s Highlighting the Validation Gap

AI and Cybersecurity: A Growing Concern Amidst Rapid Deployment The advent of artificial intelligence (AI)...

More like this

Hackers Exploit Trusted Microsoft Domain and One-Time Codes to Hijack Corporate Accounts

Rising Phishing Threat Exploits Microsoft Authentication Flows A new phishing technique has surfaced, capitalizing on...

NCA Warns Parents About Exploitation of Shared Child Photos by AI

The National Crime Agency (NCA) has initiated a significant campaign aimed at educating parents...

Single Points of Failure Are Problematic: The SaaS Layer Is No Exception

Lessons in IT Resilience: The Inevitable Nature of Failure and the Case for Redundancy In...