A view of the H2 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
19 Dec 2023
The second half of 2023 saw several significant cybersecurity incidents. Cl0p, a cybercriminal group notorious for large-scale ransomware attacks, drew attention with its extensive "MOVEit hack", which notably did not involve deploying ransomware at all: the group exfiltrated data through the MOVEit Transfer vulnerability and extorted its victims with the stolen files alone. The campaign hit numerous organizations, including global corporations and US government agencies. A key shift in Cl0p's strategy was publishing the stolen data on publicly accessible websites when the ransom was not paid, a tactic also adopted by the ALPHV ransomware gang. Other new strategies on the ransomware scene, according to the FBI, include deploying multiple ransomware variants against the same victim at once and using wipers after data theft and encryption.
In the IoT landscape, our researchers made a notable discovery: a kill switch that had been used to render the Mozi IoT botnet nonfunctional. Mozi was one of the largest botnets of its kind we had monitored over the past three years, and the abruptness of its downfall raises the question of whether the kill switch was triggered by the botnet's creators or by Chinese law enforcement. A new threat, Android/Pandora, surfaced in the same landscape, compromising Android devices, including smart TVs, TV boxes and mobile devices, and using them for DDoS attacks.
Amid the widespread discussion of AI-enabled attacks, we identified specific campaigns targeting users of tools such as ChatGPT. We also observed a considerable number of attempts to access malicious domains whose names resemble "chapgpt", an apparent lookalike of the ChatGPT chatbot's name. Threats encountered via these domains also include web apps that handle OpenAI API keys insecurely, underscoring the need to keep OpenAI API keys confidential.
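The two problems described above, lookalike domains such as "chapgpt" and API keys exposed by web apps, are both things a defender can check for in their own telemetry and code. The following is an added example, not code from the ESET report: it scans constructed DNS query log lines for domains that are edit-distance-1 typos of a brand label, the brand on an unexpected TLD, or the brand combined with other words, and it scans a constructed JavaScript bundle for an embedded OpenAI secret key. The log format, the allowlist, the brand list and the assumed key pattern ("sk-" followed by 48 alphanumerics, the shape in use at the time of the report) are all assumptions for the example and should be adjusted to your environment.

```python
"""Added example: flag ChatGPT/OpenAI lookalike domains in DNS logs and
embedded OpenAI API keys in client-side code. Not part of the original report."""
import re

# Brand labels to protect; hypothetical list, extend for your own environment.
BRANDS = ("chatgpt", "openai")

# Legitimate apex domains (assumed); queries under these are never flagged.
ALLOWLIST = {"openai.com", "chatgpt.com"}

# Constructed DNS resolver log lines for the example (not real telemetry).
SAMPLE_DNS_LOG = """\
2023-11-02T10:01:12Z client=10.0.0.5 qname=chat.openai.com qtype=A
2023-11-02T10:01:40Z client=10.0.0.7 qname=chapgpt.example qtype=A
2023-11-02T10:02:03Z client=10.0.0.9 qname=chatgpt-login.example qtype=A
2023-11-02T10:02:15Z client=10.0.0.5 qname=www.wikipedia.org qtype=A
2023-11-02T10:03:22Z client=10.0.0.11 qname=openai-api.example qtype=A
"""

LINE_RE = re.compile(r"client=(?P<client>\S+)\s+qname=(?P<qname>\S+)")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one substitution turns 'chapgpt' into 'chatgpt'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_allowlisted(host: str) -> bool:
    return any(host == apex or host.endswith("." + apex) for apex in ALLOWLIST)


def classify_qname(qname: str):
    """Return (verdict, brand) for a suspicious name, or None if it looks benign."""
    host = qname.rstrip(".").lower()
    if is_allowlisted(host):
        return None
    labels = host.split(".")
    if len(labels) < 2:
        return None
    # Naive: take the label left of the TLD. Use a public-suffix library for
    # multi-part suffixes such as .co.uk in production.
    label = labels[-2]
    for brand in BRANDS:
        if label == brand:
            return ("brand-on-other-tld", brand)
        if edit_distance(label, brand) <= 1:
            return ("typosquat", brand)
        if brand in label:
            return ("brand-combination", brand)
    return None


def scan_dns_log(text: str):
    """Yield (client, qname, verdict, brand) for every flagged query."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        verdict = classify_qname(m["qname"])
        if verdict:
            hits.append((m["client"], m["qname"].rstrip(".").lower(), *verdict))
    return hits


# Assumed key shape at the time of the report: "sk-" plus 48 alphanumerics.
# Newer key formats differ; adjust the pattern before relying on it.
OPENAI_KEY_RE = re.compile(r"\bsk-[A-Za-z0-9]{48}\b")

# Constructed client-side bundle with a fake key made of repeated 'A's.
SAMPLE_BUNDLE = (
    'fetch("https://api.openai.com/v1/chat/completions",'
    '{headers:{Authorization:"Bearer sk-' + "A" * 48 + '"}})'
)


def find_embedded_keys(text: str):
    """Return every string in the text that matches the assumed key pattern."""
    return [m.group(0) for m in OPENAI_KEY_RE.finditer(text)]


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("DNS:", hit)
    for key in find_embedded_keys(SAMPLE_BUNDLE):
        print("embedded key:", key[:6] + "..." )
```

The DNS check deliberately separates three verdicts because they call for different responses: a typo of the brand is almost always hostile and can be blocked outright, while brand-combination names (login, api, support) need a quick look before blocking since legitimate third parties use them too. Any key the bundle scanner finds in client-side code should be treated as compromised and rotated, because anyone who loads the page can read it.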
Lastly, the rising value of bitcoin was not accompanied by a corresponding rise in cryptocurrency threats, a departure from past trends. Cryptostealers, however, grew notably, driven by the rise of Lumma Stealer, a malware-as-a-service (MaaS) infostealer that targets cryptocurrency wallets. Together, these developments show an ever-evolving cybersecurity landscape in which threat actors draw on a wide range of tactics.
I wish you an insightful read.
Follow ESET research on Twitter for regular updates on key trends and top threats.
To learn more about how threat intelligence can enhance the cybersecurity posture of your organization, visit the ESET Threat Intelligence page.