ESET Threat Report T3 2022: When war meets cyberspace – the impact of Russia’s invasion on digital threats

  • Since the start of the Russian invasion of Ukraine, ransomware has increased its destructive capabilities; in T3, several ransomware-mimicking wipers appeared in connection with the war, targeting Ukrainian entities.
  • RDP password-guessing attacks remained down in T3 2022, with daily averages oscillating around 100 million attack attempts (compared to 1 billion in T1 2022).
  • Despite patches having been available since December 2021, exploitation attempts of Log4j grew by 9% in T3 2022.
  • Cryptocurrency threats declined by 25% in T3 2022, with detections almost cut in half in a year-on-year comparison; while crimeware is decreasing, cryptocurrency-related scams are rising.
  • Banking malware detections more than doubled in a year-on-year comparison.
  • Android detections grew by 57% in T3 2022, with Adware, HiddenApps, and Spyware driving the increase.

BRATISLAVA, February 8, 2023 — ESET released today its T3 2022 Threat Report, summarizing key statistics from ESET detection systems and highlighting notable examples of ESET’s cybersecurity research. The latest issue of the ESET Threat Report (covering October to December 2022) highlights the impact of the ongoing war on Ukraine and its effects on the world, including cyberspace. The invasion continues to have a major impact on energy prices, inflation, and cyberthreats, with the ransomware scene experiencing some of the biggest shifts.

“The ongoing war in Ukraine has created a divide among ransomware operators, with some supporting and others opposing the aggression. Attackers have also been using increasingly destructive tactics, such as deploying wipers that mimic ransomware and encrypt the victim’s data with no intention of providing a decryption key,” explains Roman Kováč, Chief Research Officer at ESET.

The war also affected brute-force attacks against exposed RDP services, but despite the decline of these attacks in 2022, password guessing remains the most favored network attack vector. The Log4j vulnerability, patches for which have been available since December 2021, still placed second in the external intrusion vector ranking.

The report also explains the impact of cryptocurrency exchange rates and soaring energy prices on various crypto-threats, with cryptocurrency-related scams experiencing a renaissance. ESET products blocked an increase of 62% in cryptocurrency-themed phishing websites in T3, and the FBI recently issued a warning about a surge in new crypto-investment schemes. Overall infostealer detections trended down in both T3 and the whole of 2022; however, banking malware was an exception, with detections doubling in a year-on-year comparison.

Other trends in T3 include increased phishing activity impersonating online shops during the holiday season and the rise in Android adware detections due to malicious versions of mobile games being placed on third-party app stores before Christmas. “The Android platform also saw an increase in spyware throughout the year, due to easy-to-access spyware kits available on various online forums and used by amateur attackers,” added Kováč.

The ESET T3 2022 Threat Report also reviews the most important findings and achievements by ESET researchers. They discovered a MirrorFace spearphishing campaign against high-profile Japanese political entities, and new ransomware named RansomBoggs that targets multiple organizations in Ukraine and has Sandworm’s fingerprints all over it. ESET researchers also discovered a campaign conducted by the infamous Lazarus group that targets its victims with spearphishing emails containing documents with fake job offers; one of the lures was sent to an aerospace company employee. As for supply-chain attacks, ESET experts found a new wiper and its execution tool, which they have both attributed to the Agrius APT group, aiming at users of an Israeli software suite used in the diamond industry.

Besides these findings, the report also summarizes the many talks given by ESET researchers in recent months and introduces talks planned for both the RSA Conference and Botconf.

For more information, check out the ESET Threat Report T3 2022 on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Understanding the Ins & Outs of Cyber Risk Quantification

Introduction

In today’s digital world, cyber risk is high and growing. The best way to control this risk is with a proactive cyber security strategy that quantifies and measures your company’s vulnerability to theft, fraud, or data breach.

The cyber threat landscape is diverse, and there is a wide range of potential threats in this sector, such as intellectual property theft, ransomware, data breaches, DDoS attacks, and insider threats. As cyber criminals keep developing new attack methods, cyber security professionals must stay on top of where the latest threats are coming from. For a company to achieve this, it must first understand its cybersecurity risks, remain vigilant in its security stance, and be aware of the risks that accompany its operations.

Cyber risk quantification (CRQ) is the primary route to understanding the cyber threat landscape and mitigating risks within a cyber security environment. Cyber risk quantification is also part of Cyber Security Risk Management and is a crucial part of an organization’s overall security posture. It involves assessing risks relating to various cybersecurity topics, such as vulnerabilities, threats and impacts. Quantification addresses measurement, tracking and reporting on the risks relating to specific topics to prepare for cyberattacks effectively.

Risk quantification is determining how likely a threat or attack is to be successful against your organization and then assessing the severity of such an event. Cyber risk quantification is a part of this process, and it pertains specifically to threats that target information on computer networks or in physical devices such as smartphones. These include both internal threats (such as employees) and those from external sources (hackers).

Risk quantification is a tool that helps enterprises understand their existing cyber risk environment. It also enables them to devise effective strategies for reducing those risks by implementing appropriate controls.


What is Cyber Risk Quantification?

This process of cyber risk quantification has been described as a three-step process: identifying the “pen-testing assets”, counting vulnerabilities, and measuring the potential threats. These steps represent a holistic approach, allowing a comprehensive view of one’s cyber risk posture and its vulnerabilities, threats, and risks.

At its core, cyber risk quantification is not a specific set of rules or methodologies but rather a method for conducting a rigorous, in-depth analysis of any IT infrastructure. The intent is to obtain objective evidence to develop strategies for reducing risks and ultimately strengthening an organization’s cyber resilience.

Benefits of Cyber Risk Quantification

Cyber risk quantification is important in ensuring that cyber threats are understood and can help cyber security teams analyse vulnerabilities and risks and create cyber risk mitigation strategies. The following are the benefits of cyber risk quantification.

Provides Insights into Vulnerabilities

An analysis of the information technology assets allows companies to understand their cyber risk posture and quantify their security vulnerabilities. The process makes companies feel more secure in knowing they are not as vulnerable as they originally assumed.

Helps Identify & Mitigate Threats

Cyber risk quantification is a process that helps identify the number of potential threats within an organization. It helps determine what the company needs to do to prevent a cyber attack.

Provides Information for Basing Decisions

The cyber risk quantification process allows the creation of an actionable and detailed plan for organizations to make informed decisions about protecting themselves from cyberattacks.

Helps Identify the Need for Resources

Companies can use the cyber risk quantification process results to determine what resources are required to reduce or eliminate current organizational threats and vulnerabilities.

Risk Management Decision

After a cyber risk quantification process, one can better understand their current security posture and related cyber risks, and make well-informed decisions about reducing this risk.

Automating the Process

Cyber risk quantification can be automated to save time and labour. This means that technicians will not have to spend time performing cyber risk quantification manually on each piece of information technology equipment.

Cost-Effective

The overall cost of implementing cyber risk quantification will not be much more than processing a security vulnerability assessment.


Determining the Company’s Cyber Tolerance

The information obtained can be used for identifying and developing cybersecurity strategies for the foreseeable future. This means that the consequences of an attack are less severe for an organization that has planned out its cyber security strategy than for one that experiences a cyber attack without such a plan.

Determining the Potential Cost of a Cyber Attack

Companies can use cyber risk quantification to estimate the cost of a successful attack and use this to determine how much money should be allocated towards mitigating the impact of an attack.
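To make the likelihood-times-severity definition given earlier and the cost estimate in this section concrete, here is an added worked example in Python. It is not code from the original article or from Version 2 Digital. It assumes the standard annualized loss expectancy formula (ALE = ARO × SLE, annual rate of occurrence times single loss expectancy) as the quantification method; every scenario rate, loss amount, loss tolerance, control name, control cost and control effectiveness figure below is a constructed sample value, not measured data. The example goes one step beyond the text by ranking candidate controls by the loss they avoid net of their own cost, which is the budget-allocation decision the section describes.

```python
"""Added worked example: quantify cyber risk scenarios as annualized loss
expectancy (ALE = ARO x SLE), check them against a loss tolerance, and rank
candidate controls by avoided loss net of cost. Not code from the original
article; all figures are constructed sample values."""

from dataclasses import dataclass, replace
from typing import Dict, List


@dataclass(frozen=True)
class Scenario:
    name: str
    aro: float  # annual rate of occurrence: expected events per year (likelihood)
    sle: float  # single loss expectancy: loss per event in currency units (severity)

    @property
    def ale(self) -> float:
        """Annualized loss expectancy: likelihood times severity."""
        return self.aro * self.sle


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    # Fractional reductions keyed by scenario name; 0.8 means the control
    # is assumed to cut that quantity by 80% (illustrative assumptions).
    aro_reduction: Dict[str, float]
    sle_reduction: Dict[str, float]


def apply_control(scenario: Scenario, control: Control) -> Scenario:
    """Return the scenario as it would look with the control in place."""
    aro = scenario.aro * (1.0 - control.aro_reduction.get(scenario.name, 0.0))
    sle = scenario.sle * (1.0 - control.sle_reduction.get(scenario.name, 0.0))
    return replace(scenario, aro=aro, sle=sle)


def total_ale(scenarios: List[Scenario]) -> float:
    """Expected annual loss across all scenarios."""
    return sum(s.ale for s in scenarios)


def exceeds_tolerance(scenarios: List[Scenario], tolerance: float) -> List[str]:
    """Names of scenarios whose ALE alone breaches the organization's loss tolerance."""
    return [s.name for s in scenarios if s.ale > tolerance]


def evaluate_control(scenarios: List[Scenario], control: Control) -> dict:
    """Avoided loss, net benefit and return on security investment for one control."""
    before = total_ale(scenarios)
    after = total_ale([apply_control(s, control) for s in scenarios])
    avoided = before - after
    net = avoided - control.annual_cost
    return {
        "control": control.name,
        "avoided_loss": avoided,
        "net_benefit": net,
        "rosi": net / control.annual_cost,  # net benefit per unit of cost
    }


def rank_controls(scenarios: List[Scenario], controls: List[Control]) -> List[dict]:
    """Controls ordered by net benefit, best first; a negative net benefit
    means the control costs more per year than the loss it avoids."""
    return sorted((evaluate_control(scenarios, c) for c in controls),
                  key=lambda r: r["net_benefit"], reverse=True)


# Constructed sample risk register (not data from the article).
SAMPLE_SCENARIOS = [
    Scenario("ransomware via exposed RDP", aro=0.4, sle=500_000),
    Scenario("phishing credential theft", aro=2.0, sle=40_000),
    Scenario("insider data exfiltration", aro=0.1, sle=900_000),
]

# Constructed candidate controls with assumed costs and effects.
SAMPLE_CONTROLS = [
    Control("MFA + disable external RDP", 60_000,
            {"ransomware via exposed RDP": 0.8, "phishing credential theft": 0.6}, {}),
    Control("offline backups", 30_000, {}, {"ransomware via exposed RDP": 0.6}),
    Control("DLP monitoring", 120_000, {"insider data exfiltration": 0.5}, {}),
]

if __name__ == "__main__":
    print(f"current total ALE: {total_ale(SAMPLE_SCENARIOS):,.0f}")
    print("scenarios over tolerance:", exceeds_tolerance(SAMPLE_SCENARIOS, 100_000))
    for row in rank_controls(SAMPLE_SCENARIOS, SAMPLE_CONTROLS):
        print(f"{row['control']:<28} avoided {row['avoided_loss']:>10,.0f}  "
              f"net {row['net_benefit']:>10,.0f}  ROSI {row['rosi']:.2f}")
```

With the sample register, the only scenario that on its own breaches a 100,000 tolerance is the RDP ransomware one, and the ranking shows why the control figures matter: the RDP/MFA control avoids the most loss in absolute terms, the backups have the best return per unit of cost, and the DLP control is not worth buying at the assumed price because it avoids less loss than it costs. The same functions accept any register, so the input can be replaced with an organization's own scenarios and vendor quotes.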

Planning Effective Training Programs

The results of a cyber risk quantification process can be used to create more effective training programs and plan for an organization’s IT infrastructure training needs.


How to Leverage on Cyber Risk Quantification

Cyber risk quantification can be leveraged on the following levels:

Organizational Levels

The senior management of an organization needs to determine the organizational level of cyber risk quantification. The level at which this model is used will depend on how large and how organized an organization is.

For example, an enterprise with thousands of employees or many systems will benefit from applying this model at a higher level (e.g., enterprise-wide) than a smaller company that runs just one corporate system.

Site Level

Organizationally focused cyber risk quantification methods can be applied to each site. It is the level at which most companies are structured; they have one or a few locations and may have dozens of sites. The IT personnel at each site may also not have direct access to all the data needed for an effective cyber risk quantification model.

Process Level

Many organizations are involved in processing large amounts of data (e.g. processing credit card information or handling employee information). These organizations can apply the same data processing methodologies to cyber risk quantification and perform a different amount of manual data analysis.

Asset Level

Cyber risk quantification can be applied to a specific asset (e.g., a server, router, switch). It is an effective method for performing cyber risk quantification on small network environments or those with limited access to the underlying devices on a network.

Information System Level

This level is useful for the entire IT infrastructure. Most organizations would benefit from a more holistic enterprise approach to cyber risk quantification.

Individual Asset Level

Some organizations may have large network environments that do not need a holistic enterprise-level approach to quantifying cyber risk. Some systems are relatively small and easy to manage individually with minimal use of IT resources.

Application Component Level

An individual application component (e.g. a web server) is typically not a significant resource on its own, and it has unique vulnerabilities that need to be fixed. In most instances, cyber risk quantification of an application component will include looking at its counterpart components. It would be a rare occurrence for those performing cyber risk quantification on an individual asset level.

Challenges of Cyber Risk Quantification

Cyber risk quantification is a challenging task because numerous variables can have an impact on how risks are quantified. Some of the most common factors that have to be considered when performing cyber risk quantification include:

Data Visibility

The amount of data for analysis is often limited in the cyber risk quantification process. It means that the available data has to be collected from a relatively small number of sources and then analyzed using an automated method.

Can’t Calculate Risk

Cyber risk quantification is still far from an exact science. Often, organizations will need a higher level of understanding concerning the vulnerabilities they are trying to quantify and the impact a successful cyber attack would have on their company.

Partial Remediation

Sometimes, a company can perform some level of remediation on some, but not all, of its IT infrastructure components. This is often the case in smaller companies, where policy and security costs can be very high.

Time Frame of Analysis

Cyber threat intelligence is always changing, and so is the level of risk for an organization, even for an asset within that organization. Cyber risk quantification models must be set up to keep pace with these changes.

Data Manipulation

The information is also analyzed against other data that has been manipulated and stored for analysis. While this does not mean that all data is manipulated, it does mean that some data may have been tampered with or changed to alter the analysis’s findings (e.g., personal information).

No Consistent Methodology

Cyber risk quantification is not an exact science; therefore, it cannot be performed consistently.

No Standardization

The model used for cyber risk quantification may depend on the organization and the structure of its IT infrastructure. It is challenging to translate results from one organization to another or even use it across various industries.

No Known Method

Studies have shown that industry and IT experts do not widely accept any known cyber threat quantification methodology.


Conclusion

Cyber risk quantification is an emerging field in cybersecurity that will undoubtedly play an increasingly crucial role in assessing organizational risk before potential attacks occur.


About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Ransomware attack on insurance MSP Xchanging affects clients

Global IT services and solutions provider DXC Technology announced over the weekend a ransomware attack on systems from its Xchanging subsidiary.

Xchanging is known as a managed service provider for businesses in the insurance industry but its list of customers includes companies from other fields: financial services, aerospace and defense, automotive, education, consumer packaged goods, healthcare, manufacturing.

Several customers affected

DXC Technology notified its investors in an 8-K form filed with the U.S. Securities and Exchange Commission that Xchanging has detected a ransomware attack on some of its systems.

The company reported the incident on July 5, expressing confidence that it did not spread outside the Xchanging network. For the moment, the investigation did not reveal any indication of data being affected. It is unclear when the company detected the attack.

An undisclosed number of customers were impacted by the cyberattack, which denied them access to their operating environment, the company’s notification reads. Containment and remediation measures were deployed to resolve the situation.

In a statement to BleepingComputer, a company spokesperson said that the problem is isolated to a subset of the Xchanging business and that customer data was not compromised or lost.

Efforts to restore services to customers are ongoing and at the moment remediation work is being done for just a few of them.

“While the revenue from those impacted customers is not material to DXC financial position, we nevertheless take this situation very seriously and have already restored services to nearly all of them” – DXC Technology spokesperson

As is typically the case with such incidents, the company is working with law enforcement and authorities on the investigation. This is also why there are few details available at this time.

There is no information about the family of the file-encrypting malware used in the attack and BleepingComputer does not know of a ransomware gang claiming the attack.


About Bullwall
BullWall is a fast-growing international cybersecurity solution provider with a dedicated focus on protecting critical data during active ransomware attacks. We are the only security solution able to contain both known and unknown ransomware variants in seconds, preventing encryption and exfiltration across all data storage types.
