Menace Experiences, ESET Analysis
A view of the H1 2023 risk panorama as seen by ESET telemetry and from the attitude of ESET risk detection and analysis consultants
11 Jul 2023
•
,
2 min. learn
We’re happy to current the most recent difficulty of ESET Menace Report, which brings adjustments geared toward making its contents extra partaking and accessible. One notable modification is our new method to knowledge presentation: fairly than detailing all knowledge adjustments inside every detection class, our intention is to offer extra in-depth analyses of chosen, notable developments. For these in search of a complete overview of the telemetry knowledge associated to every class, now we have included the total set of charts and figures in a devoted Menace Telemetry part.
One other notable replace is the change in publication frequency, transitioning from triannual to a semiannual launch schedule. On this difficulty, we deal with the highlights of H1 2023, overlaying the interval from December 2022 by means of Could 2023. When evaluating this era to H2 2022, we consult with the timeframe from June 2022 to November 2022.
In H1 2023, we noticed traits highlighting cybercriminals’ exceptional adaptability and relentless pursuit of recent avenues to attain their nefarious targets – be it by means of exploiting vulnerabilities, gaining unauthorized entry, compromising delicate data, or defrauding people. One of many causes for shifts in assault patterns is stricter safety insurance policies launched by Microsoft, notably on opening macro-enabled recordsdata. In a brand new try and bypass these measures, attackers substituted macros with weaponized OneNote recordsdata in H1 2023, leveraging the aptitude of embedding different recordsdata straight into OneNote. In response, Microsoft readjusted, prompting cybercriminals to proceed exploring different intrusion vectors, with intensifying brute-force assaults towards Microsoft SQL servers probably being one of many examined approaches.
Our telemetry knowledge additionally means that operators of the once-notorious Emotet botnet have struggled to adapt to the shrinking assault floor, probably indicating {that a} totally different group acquired the botnet. Within the ransomware enviornment, actors more and more reused beforehand leaked supply code to construct new ransomware variants. Whereas this enables amateurs to interact in ransomware actions, it additionally allows defenders like us to cowl a broader vary of variants, together with newly rising ones, with a extra generic algorithm and detections.
Though cryptocurrency threats have been steadily declining in our telemetry – not even to be resurrected by the latest enhance in bitcoin’s worth – cryptocurrency-related cybercriminal actions proceed to persist, with cryptomining and cryptostealing capabilities more and more included into extra versatile malware strains. This evolution follows a sample noticed previously, when malware similar to keyloggers was initially recognized as a separate risk, however finally grew to become a standard functionality of many malware households.
different threats targeted on monetary achieve, we noticed a comeback of so-called sextortion rip-off emails, exploiting folks’s fears associated to their on-line actions, and an alarming progress of misleading Android mortgage apps masquerading as authentic private mortgage companies, benefiting from susceptible people with pressing monetary wants.
I want you an insightful learn.
Observe ESET analysis on Twitter for normal updates on key traits and prime threats.
To be taught extra about how risk intelligence can improve the cybersecurity posture of your group, go to the ESET Menace Intelligence web page.
