ESET Threat Report H1 2023


The comeback of sextortion scams and other highlights from the latest ESET Threat Report


The ESET Threat Report H1 2023 reveals that, while ransomware and cryptocurrency threats stagnate, sextortion returns among the top types of phishing attacks, and Android SpyLoan apps spread rapidly, with an almost 90% increase in detection compared to H2 2022. 


The trends of the first half of 2023 highlight cybercriminals’ remarkable adaptability in achieving their nefarious goals – be it through exploiting vulnerabilities, gaining unauthorized access, compromising sensitive information, or defrauding individuals.


What are the highlights of the latest ESET Threat Report?


  • One of the reasons for shifts in attack patterns is stricter security policies introduced by Microsoft, particularly on opening macro-enabled files. In the first half of 2023, attackers were trying to bypass these new measures using weaponized OneNote files and other alternative intrusion vectors, such as brute-force attacks against Microsoft SQL servers.


Detection trend of MSSQL attack attempts



  • An alarming surge of deceptive Android loan apps (SpyLoans) has been witnessed since the beginning of this year. Masquerading as legitimate personal loan services, these apps promise quick and easy access to funds when they are, in fact, designed to defraud the user by gaining their personal and financial information.
  • Contrary to previous experience, the rise in bitcoin price didn’t bring an increase in cryptomining and cryptostealing. The ever-fluctuating crypto exchange rates and recent successful law enforcement operations might be the reason behind the deviation from the trend.
  • It seems like the once-notorious Emotet botnet family has struggled to adapt to the shrinking attack surface, possibly indicating that a different group has acquired the botnet.
  • We observed a comeback of so-called sextortion scam emails, in which the attackers claim to have data of sexual nature obtained through malware and hacked webcams. Such blackmailing should be confidently ignored as an empty threat.
  • In the ransomware arena, actors increasingly reused previously leaked source code to build new ransomware variants. Although this allows more criminals to try their luck with ransomware, it also makes preexisting detections increasingly effective against emerging malware.


Find out more in the latest Threat Report by ESET Research.


Get your content


ESET Threat Report H1 2023 is summarizing the cybersecurity threat landscape development from December 2022 to May 2023. It includes key statistics from ESET detection systems and highlights notable examples of ESET’s cybersecurity research.

Watch the highlights from ESET Threat Report explained by ESET Chief Security Evangelist Tony Anscombe.

For regular updates on key trends and threats, follow ESET research on Twitter or subscribe to ESET Research podcast via SpotifyGoogle PodcastsApple Podcasts, or PodBean.