Politically motivated ransomware declines as attackers switch back to old targets

Ransomware operators have turned their attention away from politically motivated attacks focusing on Russia back to their usual targets such as the United States, China, and Israel.

The latest T2 2022 threat report from ESET also shows the total number of RDP attack attempts has declined by a further 89 percent. The likely reasons for the decline are post-COVID return to offices, improved security, and the Russia-Ukraine war.

"In T1 2022, Russia was also the country that was most targeted by ransomware, with some of the attacks being politically or ideologically motivated by the war. However, ESET Threat Report T2 2022 shows that this hacktivism wave has declined in T2, and ransomware operators turned their attention towards the United States, China, and Israel," says Roman Kováč, chief research officer at ESET.

The Emotet malware continues to be a problem, although its operators seem to have taken time off in August. They have also adapted to Microsoft's decision to disable VBA macros in documents originating from the internet and focused instead on campaigns based on weaponized Microsoft Office files and LNK files.

ESET phishing feeds also showed a sixfold increase in shipping-themed phishing lures, most of the time presenting the victims with fake DHL and USPS requests to verify shipping addresses. "In terms of threats directly affecting virtual and physical currencies, a web skimmer known as Magecart remains the leading threat going after online shoppers' credit card details. We also saw a twofold increase in cryptocurrency-themed phishing lures and a rising number of cryptostealers," explains Kováč.

The full report is available on the ESET blog.

Photo credit: Ton Snoei / Shutterstock