The Threat Report covers the period from June to November 2023, analyzing trends observed by ESET telemetry and researchers
ESET, the global European leader in the cybersecurity market, has published the latest Threat Report, which summarizes the trends observed by ESET detection systems and experts from June to November 2023. The second half of 2023 was characterized by significant cybersecurity incidents. Cl0p, a notorious cybercriminal group known for carrying out large-scale ransomware attacks, has attracted attention due to its extensive “MOVEit hack” activities, which surprisingly did not involve the distribution of ransomware. In the IoT landscape, ESET researchers have identified a kill switch that was used to render the Mozi IoT botnet non-functional. Among the prevailing discussions about AI-enabled attacks, ESET has identified specific campaigns targeting users of tools such as ChatGPT and the OpenAI API. As for spyware, there has been a significant increase in Android spyware cases, mainly attributed to the presence of the SpinOk threat.
"The Cl0p attack affected numerous organizations, including global businesses and US government agencies. A key change in Cl0p's strategy was the move to leak stolen information on public websites where the ransom was not paid, a trend also seen with the ALPHV ransomware gang," he explains Jiří Kropáč, Director of Threat Detection at ESET.
A new threat against IoT devices, Android/Pandora, has compromised Android devices – including smart TVs, TV boxes and mobile devices – and used them for DDoS attacks. ESET Research has also recorded a considerable number of attempts to access malicious domains with names resembling “ChatGPT”, apparently in reference to the ChatGPT chatbot. Threats found across these domains include web applications that insecurely handle OpenAI API keys, underscoring the importance of protecting the privacy of user code.
Among Android threats, SpinOK spyware, distributed as a software development kit, is found inside various legitimate Android applications. On another front, the second most recorded threat in H2 2023 is JavaScript malicious code detected as JS/Agent, which continues to be introduced into compromised websites.
In contrast, the growth in the value of bitcoin has not been accompanied by a corresponding increase in threats to cryptocurrencies, deviating from past trends. However, cryptocurrency thefts have seen a notable increase, caused by the spread of the Lumma Stealer infostealer malware-as-a-service, which targets cryptocurrency wallets.
For more information, see l’ESET Threat Report H2 2023 su WeLiveSecurity.
