ESET has released its H1 2023 Threat Report, an analysis covering the period from December 2022 to May 2023.
This latest report shines a spotlight on the remarkable adaptability of cybercriminals, their relentless pursuit of new avenues to achieve their nefarious goals, and the challenges faced by security professionals in combating these threats.
- Sextortion scams and phishing have seen a resurgence in H1 2023, with a significant increase in DOC/Fraud detections. Sextortion scams involve fraudsters threatening victims with revealing sensitive information unless a ransom is paid.
- Predatory lending practices have found new ground on Android, where malicious loan apps threaten victims with death threats and digital usury practices.
- Despite bitcoin’s comeback, cryptocurrency threat detections have been falling in H1 2023, indicating a decline in cryptocurrency threats. However, cybercriminals continue to incorporate cryptocurrency-related capabilities into malware.
- The Emotet botnet, once notorious, has seen its campaigns shrink as operators struggle to find new attack vectors. They have resorted to low-impact campaigns in H1 2023.
- Malicious actors have been testing OneNote files as a new intrusion vector, using them to spread malware. However, the effectiveness of this vector may decrease in the future.
- Microsoft SQL Server has become an attractive target for brute-force attacks, and the Log4Shell vulnerability has seen endemic growth.
- The macOS platform experienced the first case of two linked supply-chain attacks, compromising a significant number of devices.
- Leaked source code has led to the emergence of new ransomware variants, increasing the effectiveness of preexisting detections against emerging malware.
You can read the full report here.