The second half of 2023 was characterized by classic threats such as DDoS attacks and ransomware, but also by the sudden disappearance of the busy botnet Mozi. In addition, the API keys of ChatGPT users are at risk. The ESET Threat Report H2 2023.
In the new ESET Threat Report H2 2023, the European IT security manufacturer presents these and other threats as well as trends in the global threat landscape from June to November 2023. The aim of the report is to raise awareness of the biggest cyber threats and provide information about current risks. For more information, see the ESET Threat Report H2 2023 on WeLiveSecurity.com.
Targeting OpenAI users
ESET researchers found several campaigns targeting OpenAI users: the experts identified web applications that were after users' API keys. These keys are needed to access the API of AI models such as ChatGPT, Dall-E and Whisper. Use of the API incurs costs, which are billed to the key owner, who therefore has a strong interest in keeping the key secret. Some web applications recently asked users to enter their keys and sent them to their own servers. The result: users are no longer in control of their API keys and lose money if the keys fall into the wrong hands in the event of a data leak and are used.
Germany: About Egyptian zombies and old ransomware
Overall, the activity of well-known Mirai botnets such as Gafgyt, BotenaGo and Dofloo fell by 59 percent during the study period. Mirai is malware that creates a botnet using infected Linux devices. Nevertheless, Germany was one of their main targets at seven percent. Despite the declining activity, many of these networks grew: ESET researchers observed significant growth in the Mirai bot network in particular.
Although the number of servers commanding each compromised device decreased slightly, the overall Mirai network grew by a whopping 58 percent. The majority (65 percent) of the botnet is located in Egypt, where 10,000 devices were compromised. Germany was the main target of zombie computers: 16 percent of all attacks on individual devices targeted German devices, followed by the USA (9 percent).
When it comes to ransomware, Germany also plays a special role in international comparison: the GandCrab ransomware family no longer plays a role worldwide, with only 2.7 percent of all attacks based on it. In Germany, however, its share was highest at 40 percent. Conversely, the STOP malware is at the forefront around the globe, but in Germany it is responsible for only 2.4 percent of attacks.
Cl0p: ransom without ransomware
Internationally, the second half of 2023 was also characterized by cybercriminal activities. Cl0p, a notorious hacking group known for carrying out large-scale ransomware attacks, gained attention for its extensive “MOVEit hack.” The file transfer program is used by numerous manufacturers and service providers, and the number of affected users is correspondingly high. Surprisingly, no ransomware was used in the attack; instead, the hackers published parts of their loot on the Internet.
“The Cl0p attack targeted numerous organizations, including global companies and US government entities. A key difference in Cl0p's strategy was that stolen information was published on public websites if the ransom was not paid - a trend also seen with the ALPHV ransomware gang,” explains Jiří Kropáč, ESET Director of Threat Detection.
Goodbye Mozi, hello spyware
In the IoT landscape, ESET researchers have found a kill switch that successfully and permanently disabled the IoT botnet Mozi. Who is ultimately behind the shutdown remains unclear. It is possible that the operators themselves pulled the plug, whether of their own accord or under duress.
In the spyware space, there has been a significant increase in Android spyware cases, largely due to the presence of SpinOK spyware. SpinOK is distributed as a software development kit and can be found in various legitimate Android applications.
About ESET
ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.