Wednesday, 27 December 2023 03:24

Five most relevant cybersecurity threats in the second half of 2023

Written by Miguel Crespin

ESET, dedicated to proactive threat detection, analyzes in its latest ESET Threat Report the landscape of the most significant threats during the second half of the year based on its telemetry data and the perspective of the organization's experts, highlighting the adaptability of cybercriminals and their relentless search for new ways to exploit vulnerabilities, gain unauthorized access, compromise sensitive information or defraud victims.


Ransomware

The second half of 2023 witnessed major cybersecurity incidents. Cl0p, a notorious cybercriminal group known for carrying out large-scale ransomware attacks, drew attention for its extensive "MOVEit hack". The attack targeted numerous organizations, global corporations and government agencies. A key change in Cl0p's strategy was its decision to leak stolen information on publicly accessible websites in cases where the ransom was not paid, a trend also seen with the ALPHV ransomware group. Other new strategies in the ransomware landscape, according to the FBI, have included the simultaneous deployment of multiple ransomware variants and the use of wipers following data theft and encryption.

Cryptocurrencies

The rise in the value of bitcoin has not been accompanied by a corresponding increase in threats against cryptocurrency, a divergence from previous trends. However, cryptocurrency thieves have seen a notable increase, driven by the rise of Lumma Stealer, a malware-as-a-service (MaaS) infostealer that targets cryptocurrency wallets. These developments show an ever-evolving cybersecurity landscape, with threat actors using a wide range of tactics.

Internet of Things (IoT)

In the IoT landscape, ESET researchers have made a notable discovery. They identified a kill switch that had been used to take down the Mozi IoT botnet, one of the largest of its kind they have monitored over the past three years. The nature of Mozi's sudden downtime raises the question of whether the kill switch was used by the botnet's creators or by Chinese security forces. A new threat, Android/Pandora, appeared in the same period, compromising Android devices such as smart TVs, TV boxes and mobile devices, and using them for DDoS attacks.

Artificial Intelligence

As part of the discussion on AI-based attacks, ESET has identified specific campaigns targeting users of tools such as ChatGPT. "We have also observed a considerable number of attempts to access malicious domains with similar names, apparently in reference to the ChatGPT chatbot. The threats found through these domains also include web applications that insecurely handle OpenAI API keys, emphasizing the importance of protecting the privacy of your OpenAI API keys", says Camilo Gutiérrez Amaya, Head of the ESET Latin America Research Lab.

Spyware

Another type of threat in which a significant increase was recorded is Android spyware, mainly attributed to the presence of the SpinOk spyware. This malicious software is distributed as a software development kit and is found inside several legitimate Android applications. One of the most frequently recorded threats in the second half of the year is a three-year-old malicious JavaScript code detected as JS/Agent, which keeps loading on compromised websites. Similarly, Magecart, a threat that targets credit card data, has continued to grow for two years by attacking unpatched websites. In all three of these cases, the attacks could have been prevented if developers and administrators had implemented appropriate security measures.


Translated by: A.M