Threat Report, T3 2022

Welcome to the T3 2022 issue of the ESET Threat Report!

In 2022, an unprovoked and unjustified attack on Ukraine shocked the world, bringing devastating effects on the country and its population. The war continues to impact everything from energy prices and inflation to cyberspace, which ESET researchers and analysts have monitored extensively throughout the year.

Among the effects seen in cyberspace, the ransomware scene experienced some of the biggest shifts. From the beginning of the invasion, we’ve seen a divide among ransomware operators, with some supporting and others opposing this aggression. The attackers have also been using increasingly destructive tactics, such as deploying wipers that mimic ransomware and encrypt the victim’s data with no intention of providing the decryption key.

The war also affected brute-force attacks against exposed RDP services, with these attacks nose-diving in 2022. Other factors that might have contributed to this slump, besides the war, are a decline in remote work, improved setup and countermeasures by company IT departments, and a new brute-force blocking feature built into Windows 11. Most of the RDP attacks detected in 2022 originated from Russian IP addresses.

Even with the decline in RDP attacks, password guessing was still the most favored network attack vector in T3 2022. And despite remedies being available for the Log4J vulnerability since December 2021, it still placed second in the external intrusion vector ranking.

Various crypto-threats were impacted by plummeting cryptocurrency exchange rates on one side and soaring energy prices on the other. While traditional crimeware such as cryptostealers and cryptominers declined, cryptocurrency-related scams have been going through a renaissance: cryptocurrency-themed phishing websites blocked by ESET products increased by 62% in T3, and the FBI recently issued a warning about a surge in new crypto-investment schemes.

Numerous holidays celebrated in December led to increased phishing activity impersonating online shops, as people buying gifts online represent a very lucrative target for cybercrooks. And when mobile game developers rolled out new releases before the Christmas season, attackers exploited the hype by uploading their modified malicious versions to third-party app stores. In turn, we’ve observed a significant increase in Android adware detections in T3 2022…