Same code, different ransomware? Leaks kick-start myriad of new variants
2023-07-12 11:42

Threat landscape trends demonstrate the impressive flexibility of cybercriminals as they continually seek out fresh methods of attack, including exploiting vulnerabilities, gaining unauthorized access, compromising sensitive information, and defrauding individuals, according to the H1 2023 ESET Threat Report.

ESET telemetry data also suggests that operators of the once-notorious Emotet botnet have struggled to adapt to the shrinking attack surface, possibly indicating that a different group acquired the botnet.

In the ransomware arena, actors increasingly reused previously leaked source code to build new ransomware variants.

According to the report, in a new attempt to bypass Microsoft security measures, attackers substituted Office macros with weaponized OneNote files in H1 2023, leveraging the capability to embed scripts and files directly into OneNote.

"Regarding the leaked source code of ransomware families such as Babyk, LockBit, and Conti, these allow amateurs to engage in ransomware activities, but at the same time enable us as defenders to cover a broader range of variants with a more generic or well-known set of detections and rules," says ESET Chief Research Officer Roman Kováč.

While cryptocurrency threats have been steadily declining in ESET telemetry, and were not revived even by the recent increase in bitcoin's value, cryptocurrency-related cybercriminal activity persists, with cryptomining and cryptostealing capabilities increasingly incorporated into more versatile malware strains.


News URL

https://www.helpnetsecurity.com/2023/07/12/h1-2023-eset-threat-report/