The latest edition of the so-called “ESET Threat Report” (September to December 2022) highlights the impact of the ongoing war in Ukraine and its consequences for the world, including cyberspace. The invasion continues to have a major impact on energy prices, inflation and cyber threats. The ransomware scene is currently undergoing some of the biggest changes.
Cyberwar in Ukraine
Since the start of Russia's invasion of Ukraine, ransomware has increased its destructive capabilities. In the last third of the year, several ransomware-like wipers appeared targeting Ukrainian entities.
“The ongoing war in Ukraine has created a divide among ransomware operators. Some of them support aggression, others oppose it. The attackers have used increasingly destructive tactics, such as the use of wipers that mimic ransomware. In doing so, they encrypt the victim’s data – but without the intention of ever providing a decryption key.”
Roman Kovác, Chief Research Officer at ESET
The war also brings to light brute force attacks against exposed RDP services. The daily average was around 100 million attempts (compared to one billion in T1 2022). Despite the nominal decline in 2022, password cracking remains the most popular attack vector on networks.
The Log4j vulnerability, for which patches have been available since December 2021, continues to occupy second place in the ranking of external attack vectors. Attack attempts on Log4j increased by nine percent in the third quarter of 2022.
Cryptocurrency scams
The report also explains the impact of cryptocurrency prices and rising energy prices on various crypto threats. The threats from crimeware for cryptocurrencies fell by 25 percent in T3 2022 and have almost halved year-on-year. Infostealer discoveries declined both in the period studied and throughout 2022.
In contrast, cryptocurrency scams experience a real renaissance in the months of September to December. During this time, ESET products blocked 62 percent more phishing websites dealing with cryptocurrencies. Banking malware is also still on the rise. Their discoveries doubled compared to the previous year.
Christmas time is cheating time
It is almost traditional for internet fraudsters to increase their activities in the last quarter of the year. Accordingly, T3 saw a sharp increase in phishing activity. In 2022, these focused particularly on directing potential victims to fake online shops. These could hardly be distinguished from serious offers in terms of both language and content.
Malicious versions of Android mobile games took a negative lead during Advent. These were primarily placed in third-party app stores. “The Android platform also saw an increase in spyware over the year, driven by easily accessible spyware kits. These are available in various online forums and are used even by amateur attackers,” Kovác continues.
Android malware detections increased 57 percent in T3 2022, with adware, hidden apps and spyware leading the increase.
Cybercrime campaigns are becoming increasingly sophisticated
The ESET T3 2022 Threat Report also provides an overview of the key findings and achievements of ESET researchers. They discovered a MirrorFace spearphishing campaign targeting high-level Japanese political establishments and a new ransomware called RansomBoggs. This targeted several organizations in Ukraine and bears the fingerprints of the APT group Sandworm.
ESET researchers also discovered a campaign by the notorious Lazarus group that targets its victims with spearphishing emails containing documents with fake job offers. One of these decoys was sent to an employee of an aerospace company in the Netherlands.
In attacks on the supply chain, ESET experts found a new wiper and the associated execution tool. The APT group Agrius is believed to be behind this. They targeted users of an Israeli software suite widely used in the diamond industry.
For more information, see the ESET Threat Report T3 2022 on WeLiveSecurity: HERE
Source:
Press release
Also read our fact checks:
Video shows an escape during an earthquake, but it does not come from Turkey
Fake videos circulating about earthquakes in Turkey and Syria
Donations for earthquake disasters are not being misused to buy weapons to Ukraine
If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:
📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.
Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!
* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!
Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )

