Sextortion, digital usury and SQL brute-force

esteria.white

ESET Research

Closing intrusion vectors forces cybercriminals to revisit their old avenues of attack, but also to look for new ways to attack their victims.

Sextortion emails and other text threats saw a massive increase in the first half of 2023 and the question remains why. Are criminals just lazy? Are they trying to make easy money on their days off? Or is this part of something bigger, potentially involving generative AI?

And this only scratches the surface of the trends observed in the latest threat report from ESET, at the center of this episode. Another intrusion vector that attracted increased attention from cybercriminals was MS SQL servers, which had to withstand a further increase in brute force attacks.

Oh, and let’s not forget the criminal practice of usury, which appears in the form of malicious Android apps. Looking for victims in countries around the equator and in the southern hemisphere, cybercriminals attempt to pressure and threaten their victims into paying exorbitant interest rates on short-term loans – which they sometimes don’t even provide.

Still, not everything was so bad in the first half of 2023. One piece of good news is that the notorious Emotet botnet showed little activity, launching only a few minor and surprisingly ineffective spam campaigns in March. Once these were finished, silence settled. What caught the researchers’ attention was a new feature resembling debug output. This fuels rumors that Emotet has been – at least partially – sold to another threat group that doesn’t know how things work.

Another positive story concerns RedLine Stealer. This infamous malware-as-a-service (MaaS), used by criminals to steal victims’ information and distribute other malware, has been disrupted by ESET researchers and their friends at Flare Systems. The disruption took down a chain of GitHub repositories needed to operate RedLine control panels for affiliates. Since there was no backup channel, the operators behind the MaaS will have to find another path to make their “service” work.

For all these topics and more from the ESET Threat Report, listen to the latest episode of the ESET Research podcast, hosted by Aryeh Goretsky. This time, he directed his questions to one of the report’s authors, security awareness specialist Ondrej Kubovič.

For the full H1 2023 report, including other topics such as evolving cryptocurrency threats, malicious OneNote files, the first double supply chain attack – courtesy of Lazarus Group – or the latest developments in the field of ransomware, click here.

Discussed:

  • Sextortion and text threats 1:46
  • Brute force attacks on MS SQL servers 7:10
  • Usury on Android apps 9:20
  • Emotet activity 13:25
  • RedLine Stealer disruption 16:45
