The ESET Threat Report for the second half of 2023 highlights significant cybersecurity incidents, including the Cl0p ransomware group’s “MOVEit hack” and the emergence of new ransomware strategies. In the IoT landscape, the Mozi botnet was rendered nonfunctional through a discovered kill switch, while the Android/Pandora threat compromised Android devices for DDoS attacks. AI-enabled attacks targeted users of tools like ChatGPT, and there was an increase in Android spyware cases. Additionally, the report discusses the continued presence of malicious JavaScript code, Magecart attacks, and the rise of crypto stealers targeting cryptocurrency wallets.
Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly’s home was targeted in a swatting incident, highlighting a nationwide trend targeting government officials. Swatting involves making false emergency calls to draw law enforcement to a location. Easterly emphasized the dangers of swatting and expressed concern over the harassment of public officials. Swatting incidents have increased recently, targeting politicians, judges, and election officials. The White House has condemned these incidents, and legislation has been introduced to impose severe penalties for swatting hoaxes. CISA, responsible for protecting elections and infrastructure, has faced threats and conspiracy theories. Swatting, initially a tactic used by online gamers, has evolved into a tool to target individuals and institutions, including senior government officials.
Ransomware gangs may soon move away from relying on critical security flaws due to the success of law enforcement in the past year, according to a report by Symantec. The report suggests that hackers may rebuild their own tools, leading to a shift back to the reliance on botnets for ransomware attacks. Organizations are advised to align their defenses against hacking groups’ tactics and procedures rather than specific ransomware strains.
According to a survey conducted by SecureAuth, most organizations lack confidence in traditional multi-factor authentication (MFA) as a stand-alone solution. Many organizations are adopting passwordless authentication methods, such as biometrics and security tokens, to enhance security and improve user experience. This shift is driven by the need for more robust security measures, alignment with cyber insurance requirements, and the elimination of complex passwords. SecureAuth offers a passwordless continuous authentication solution that leverages AI and an ML-driven risk engine.
Why do we care?
Threats are dynamic, and we’re seeing another shift going on. Botnets may return, and As ransomware gangs potentially shift away from exploiting critical security flaws, as noted in the Symantec report, organizations must stay vigilant and proactive. And let’s not forget the physical element of security, as highlighted in the swatting incident.