ESET Threat Report T3 2022: When war meets cyberspace – the impact of Russia's invasion on digital threats

Editor
  • Since the start of the Russian invasion of Ukraine, ransomware has increased its destructive capabilities; in T3, several ransomware-mimicking wipers appeared in connection with the war, targeting Ukrainian entities.
  • RDP password-guessing attacks remained down in T3 2022, with daily averages oscillating around 100 million attack attempts (compared to 1 billion in T1 2022).
  • Despite patches having been available since December 2021, exploitation attempts of Log4j grew by 9% in T3 2022.
  • Cryptocurrency threats declined by 25% in T3 2022, with detections almost cut in half in a year-on-year comparison; while crimeware is decreasing, cryptocurrency-related scams are rising.
  • Banking malware detections more than doubled in a year-on-year comparison.
  • Android detections grew by 57% in T3 2022, with Adware, HiddenApps, and Spyware driving the increase.
  • Since the start of the Russian invasion of Ukraine, ransomware has increased its destructive capabilities; in T3, several ransomware-mimicking wipers appeared in connection with the war, targeting Ukrainian entities.
  • RDP password-guessing attacks remained down in T3 2022, with daily averages oscillating around 100 million attack attempts (compared to 1 billion in T1 2022).
  • Despite patches having been available since December 2021, exploitation attempts of Log4j grew by 9% in T3 2022.
  • Cryptocurrency threats declined by 25% in T3 2022, with detections almost cut in half in a year-on-year comparison; while crimeware is decreasing, cryptocurrency-related scams are rising.
  • Banking malware detections more than doubled in a year-on-year comparison.
  • Android detections grew by 57% in T3 2022, with Adware, HiddenApps, and Spyware driving the increase.

SINGAPORE February 8, 2023 — ESET released today its T3 2022 Threat Report, summarizing key statistics from ESET detection systems and highlighting notable examples of ESET’s cybersecurity research. The latest issue of the ESET Threat Report (covering October to December 2022) highlights the impact of the ongoing war on Ukraine and its effects on the world, including cyberspace. The invasion continues to have a major impact on energy prices, inflation, and cyberthreats, with the ransomware scene experiencing some of the biggest shifts.

"The ongoing war in Ukraine has created a divide among ransomware operators, with some supporting and others opposing the aggression. Attackers have also been using increasingly destructive tactics, such as deploying wipers that mimic ransomware and encrypt the victim’s data with no intention of providing a decryption key," explains Roman Kováč, Chief Research Officer at ESET.

The war also affected brute-force attacks against exposed RDP services, but despite the decline of these attacks in 2022, password guessing remains the most favored network attack vector. The Log4j vulnerability, patches for which have been available since December 2021, still placed second in the external intrusion vector ranking.

The report also explains the impact of cryptocurrency exchange rates and soaring energy prices on various crypto-threats, with cryptocurrency-related scams experiencing a renaissance. ESET products blocked an increase of 62% in cryptocurrency-themed phishing websites in T3, and the FBI recently issued a warning about a surge in new crypto-investment schemes. Overall infostealer detections trended down in both T3 and the whole of 2022; however, banking malware was an exception, with detections doubling in a year-on-year comparison.

Other trends in T3 include increased phishing activity impersonating online shops during the holiday season and the rise in Android adware detections due to malicious versions of mobile games being placed on third-party app stores before Christmas. "The Android platform also saw an increase in spyware throughout the year, due to easy-to-access spyware kits available on various online forums and used by amateur attackers,” added Kováč.

The ESET T3 2022 Threat Report also reviews the most important findings and achievements by ESET researchers. They discovered a MirrorFace spearphishing campaign against high-profile Japanese political entities, and new ransomware named RansomBoggs that targets multiple organizations in Ukraine and has Sandworm’s fingerprints all over it. ESET researchers also discovered a campaign conducted by the infamous Lazarus group that targets its victims with spearphishing emails containing documents with fake job offers; one of the lures was sent to an aerospace company employee. As for supply-chain attacks, ESET experts found a new wiper and its execution tool, which they have both attributed to the Agrius APT group, aiming at users of an Israeli software suite used in the diamond industry.

Besides these findings, the report also summarizes the many talks given by ESET researchers in recent months and introduces talks planned for both the RSA Conference and Botconf.

For more information, check out the ESET Threat Report T3 2022 on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

About ESET
For more than 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET is the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information, visit www.eset.com or follow us on LinkedIn, Facebook, and Twitter.