Threat Report H2-2023: Botnets, Ransomware, DDoS 

Threat Report H2-2023: Botnets, Ransomware, DDoS

Share post

The second half of 2023 was characterized by classic threats such as DDoS attacks and ransomware, but also by the sudden disappearance of the busy botnet Mozi. In addition, the API keys of ChatGPT users are at risk. The ESET Threat Report H2 2023.

In the new ESET Threat Report H2 2023, the European IT security manufacturer presents these and other threats as well as trends in the global threat landscape from June to November 2023. The aim of the report is to raise awareness of the biggest cyber threats and provide information about current risks. For more information, see the ESET Threat Report H2 2023 on

🔎 Although the problem is known, the number of Log4Shell exploits is increasing (Image: ESET).

Targeting OpenAI users

ESET researchers found several campaigns targeting OpenAI users: The experts identified web applications that were targeting users' AI keys. These keys are needed to gain access to the API of AI models such as ChatGPT, Dall-E and Whisper. There are costs for using the API, which are billed to the key owner. The latter therefore has a great interest in keeping his key secret. Some web applications recently asked users to enter their keys and sent them to their own servers. The result: Users are no longer in control of their AI keys and lose money if they fall into the wrong hands and are used in the event of a data leak.

Germany: About Egyptian zombies and old ransomware

Overall, the activity of well-known Mirai botnets such as Gafgyt, BotenaGo and Dofloo fell by 59 percent during the study period. Mirai is malware that creates a botnet using infected Linux devices. Nevertheless, Germany was one of their main targets at seven percent. Despite the declining activity, many of these networks grew: ESET researchers observed significant growth in the Mirai bot network in particular.

Although the number of servers commanding each compromised device decreased slightly, the overall Mirai network grew by a whopping 58 percent. The majority (65 percent) of the botnet is located in Egypt, where 10.000 devices were compromised. Germany was the main target of zombie computers: 16 percent of all attacks on individual devices targeted German devices, followed by the USA (9 percent).

When it comes to ransomware, Germany also plays a special role in international comparison: the GandGrab ransomware family no longer plays a role worldwide. Only 2,7 percent of all attacks are based on it. But in Germany their share was highest at 40 percent. In return, the STOP malware is at the forefront around the globe, but in this country it is only responsible for 2,4 percent of attacks.

Cl0p: ransom without ransomware

Internationally, the second half of 2023 was also characterized by cybercriminal activities. Cl0p, a notorious hacking group known for carrying out large-scale ransomware attacks, gained attention for its extensive “MOVEit hack.” The file transfer program is used by numerous manufacturers and service providers, and the number of affected users is correspondingly high. Surprisingly, no ransomware was used in the attack; instead, the hackers published parts of their loot on the Internet.

“The Cl0p attack targeted numerous organizations, including global companies and US government entities. A key difference in Cl0p's strategy was that stolen information was published on public websites if the ransom was not paid - a trend also seen with the ALPHV ransomware gang,” explains Jiří Kropáč, ESET Director of Threat Detection.

Goodbye Mozi, hello spyware

In the IoT landscape, ESET researchers have found a kill switch that successfully and permanently disabled the IoT botnet Mozi. Who is ultimately behind the shutdown remains unclear. It is possible that the operators themselves pulled the plug, whether of their own accord or under duress.

In the spyware space, there has been a significant increase in Android spyware cases, largely due to the presence of SpinOK spyware. Among Android threats, SpinOK is distributed as a software development kit and can be found in various legitimate Android applications.

Directly to the PDF report at


About ESET

ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit or follow us on LinkedIn, Facebook and Twitter.


Matching articles on the topic

IT security: NIS-2 makes it a top priority

Only in a quarter of German companies do management take responsibility for IT security. Especially in smaller companies ➡ Read more

Cyber ​​attacks increase by 104 percent in 2023

A cybersecurity company has taken a look at last year's threat landscape. The results provide crucial insights into ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Mobile spyware poses a threat to businesses

More and more people are using mobile devices both in everyday life and in companies. This also reduces the risk of “mobile ➡ Read more

Windows operating systems: Almost two million computers at risk

There are no longer any updates for the Windows 7 and 8 operating systems. This means open security gaps and therefore worthwhile and ➡ Read more

Crowdsourced security pinpoints many vulnerabilities

Crowdsourced security has increased significantly in the last year. In the public sector, 151 percent more vulnerabilities were reported than in the previous year. ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more