ESET Threat Report H1 2023

July 2023

The latest ESET Threat Report brings changes that aim at making its content more engaging and accessible. One notable modification is our new approach to data presentation: Rather than detailing all of the data changes within each detection category, our intention is to provide more in-depth analyses of selected, notable developments. Another notable update is the change in publication frequency, transitioning from a triannual to a semiannual release schedule.
In this issue, we focus on the highlights of H1 2023, covering the period from December 2022 to May 2023. When comparing this period to H2 2022, we refer to the timeframe from June 2022 to November 2022.
 
In H1 2023, we observed trends highlighting cybercriminals’ remarkable adaptability and relentless pursuit of new avenues to achieve their nefarious goals – be it through exploiting vulnerabilities, gaining unauthorized access, compromising sensitive information, or defrauding individuals. One of the reasons for these shifts in attack patterns is the stricter security policies introduced by Microsoft, particularly on opening macro-enabled files.
 
Our telemetry data also suggest that operators of the once-notorious Emotet botnet have struggled to adapt to the shrinking attack surface, possibly indicating that a different group acquired the botnet. In the ransomware arena, actors increasingly reused previously leaked source code to build new ransomware variants. While this allows amateurs to engage in ransomware activities, it also enables defenders like us to cover a broader range of variants, including newly emerging ones, with a more generic set of rules and detections.
 
Although cryptocurrency threats have been steadily declining in our telemetry, cryptocurrency-related cybercriminal activities continue to persist, with cryptomining and cryptostealing capabilities increasingly incorporated into more versatile malware strains. This evolution follows a pattern observed in the past when malware, such as keyloggers, was initially identified as a separate threat, but eventually became a common capability of many malware families.
 
Looking at other threats focused on financial gain, we observed a comeback of so-called sextortion scam emails, exploiting people’s fears related to their online activities, and an alarming growth of deceptive Android loan apps masquerading as legitimate personal loan services.
 
Download the report and learn a lot more!
