Increasingly destructive ransomware; RDP password guessing attacks decreasing; attempts to exploit Log4j are increasing; scams related to cryptocurrencies are growing; banking malware detections doubled; +57% Android detections, with Adware, HiddenApps and Spyware in the lead
ESET, a global leader in the cybersecurity market, has published the Threat Report T3 2022, which summarizes trends observed by its detection systems and highlights advances in ESET cybersecurity research. The latest edition of the ESET Threat Report (covering October-December 2022) highlights the impact of the ongoing war in Ukraine and its effects on the world, including cyberspace. The invasion continues to have a major impact on energy prices, inflation and cyber threats, with ransomware experiencing some of the biggest changes.
"The ongoing war in Ukraine has created a rift between ransomware operators who are partly for and partly against the attack. These operators have also resorted to increasingly destructive tactics, such as distributing wipers that mimic ransomware and encrypt the victim's data without any intention of providing a decryption key," explains Roman Kováč, Chief Research Officer at ESET.
The conflict also involved brute-force attacks against exposed RDP services, but despite a decline in this type of attack in 2022, password guessing remains the most used network attack vector. The Log4j vulnerability, patches for which have been available since December 2021, is still in second place in the ranking of external intrusion vectors.
The report also explains the impact of cryptocurrency exchange rates and soaring energy prices on various related threats, with cryptocurrency-themed scams experiencing a resurgence.
ESET products blocked a further 62% increase in cryptocurrency-themed phishing websites in Q3, and the FBI recently raised an alert about the increase in new cryptocurrency investment schemes. Overall infostealer detections trended downward in both Q3 and full-year 2022; however, banking malware was an exception, with detections doubling in a year-over-year comparison.
Other trends in Q3 include increased phishing activity from fake online stores during the holiday season and increased Android adware detections due to malicious versions of mobile games being released to third-party app stores before Christmas. “The Android platform has also seen an increase in spyware over the year, due to easy-to-access spyware kits available on various online forums and used by amateur attackers,” Kováč added.
The Threat Report T3 2022 also reviews the most important discoveries and results obtained by ESET specialists. Among these are a MirrorFace spearphishing campaign against high-profile Japanese political figures and a new ransomware named RansomBoggs, which targets several organizations in Ukraine and which has the same characteristics as Sandworm. ESET researchers also discovered a campaign run by the infamous Lazarus group that targets its victims with spearphishing emails containing documents with false job offers; one of the baits was sent to an employee of an aerospace company.
Regarding supply-chain attacks, ESET experts have identified a new wiper and its execution tool, both attributed to the Agrius APT group, which targets users of an Israeli software suite used in the diamond industry.
The report also contains an overview of the numerous talks given by ESET researchers in recent months and previews their participation in both the RSA Conference and Botconf.
For more information, see the ESET Threat Report T3 2022 on WeLiveSecurity.






