Sextortion emails and other text-based threats have been on a massive increase in H1 2023 and the question remains why. Are criminals just lazy? Are they trying to earn easy money during their days off? Or is this a part of something bigger, potentially involving generative AI?

And that’s just scratching the surface of the trends observed in the latest ESET Threat Report, the focus of this episode. Another intrusion vector that has seen increased attention from cybercriminals was MS SQL servers that had to withstand a renewed increase in brute force attacks.

Oh, and let’s not forget the criminal practice of usury, appearing in the form of malicious Android apps. Hunting for victims in the countries around the equator and in the southern hemisphere, cybercriminals try to pressure and threaten victims into paying exorbitant interest rates on short-term loans – which sometimes, they don’t even provide.

Yet, it wasn’t all bad in H1 2023. One piece of good news was that notorious Emotet botnet showed little activity, running only a few minor and surprisingly ineffective spam campaigns in March. After those were over, it went silent. What caught the attention of researchers was a new functionality resembling a debugging output. This feeds into the rumors that Emotet has been – at least partially – sold to another threat group that is unsure of how things work.

Another positive story came regarding Redline stealer. This notorious malware-as-a-service (MaaS) used by criminals to steal victim’s information and deliver other malware has been disrupted by ESET researchers and their friends at Flare systems. The disruption took down a chain of GitHub repositories necessary to run RedLine control panels for the affiliates. As there was no backup channel, operators behind the MaaS will have to find a different route to run their “service”.

For all those topics and more from ESET Threat Report, listen to the latest episode of ESET Research podcast, hosted by Aryeh Goretsky. This time, he directed his questions to one of the authors of the report, Security Awareness Specialist Ondrej Kubovič.

For the full report from H1 2023, including other topics such as changes in cryptocurrency threats, malicious OneNote files, the first double supply-chain attack – courtesy of Lazarus group – or the latest developments in the ransomware scene, click here.

Discussed:

  • Sextortion and text-based threats 1:46
  • Brute force attacks on MS SQL servers 7:10
  • Usury on Android apps 9:20
  • Emotet activity 13:25
  • RedLine Stealer disruption 16:45