One cybersecurity firm’s cyber incident metrics seem to suggest that attackers had been cutting back on mass tactics and aiming higher…
In analyzing its user ecosystem metrics for 2023, a cybersecurity firm has reported a 10% increase in total threats blocked, and has concluded that attackers had been using more advanced methods to target fewer victims to try and achieve higher ill-gotten financial gains.
The increase in cyber incidents was attributed to three attack trends.
First, email malware detected by the firm’s solutions had surged by 349% year-on-year (YoY), while malicious phishing URL detections had declined by 27% YoY.
Second, business email compromise detections had increased 16% YoY.
Third, ransomware detections had dropped 14% in 2023, despite a 35% increase in files blocked for having low cybersecurity reputations.
How SEA customers fared
Customers in South-east Asia (SEA) had experienced an overall increase in ransomware detections, which made up more than half (52%) of the global number and were largely attributed to significant detections among the firm’s Thailand users. Also:
- Other markets such as Indonesia, Malaysia, Singapore, and the Philippines had seen a decline in ransomware detections, similar to the overall global trend. In Singapore, the number of ransomware detections had fallen by 42%.
- Outside of ransomware, customers in the SEA region generally saw a YoY decline in detections for other threats studied, including email threats (34%), malicious URL victims (7%), botnet victims (28%), and online banking malware (84%). A similar trend was seen in Singapore for 2023, with YoY declines reported in multiple threats, the most significant being in email threats (68%). Malicious URL victims, botnet victims, and online banking malware had declined by 7%, 18%, and 9% respectively.
According to David Ng, Country Manager (Singapore), Trend Micro, the firm reporting its annual cyber landscape metrics, threat actors in 2023 were becoming more prudent about selecting their targets, and becoming more skilled in bypassing early detection layers.
In the case of malicious emails, for instance, instead of launching large-scale attacks that relied on victims clicking on malicious links in websites and emails, cybercriminals had been targeting a smaller pool of higher-profile victims with more sophisticated attacks. This approach helps them evade network and email filters, which could explain the surge in file detections at endpoints.
“Similarly, in the case of ransomware, the increase in file reputation service detections suggests that threat actors had been getting better at evading primary detection via techniques such as Bring Your Own Vulnerable Driver and zero-day exploits, among others. While we have seen a decline in many threats in our region, we cannot rest on our laurels. Network defenders must continue to proactively manage risk across the entire attack surface today. Understanding the strategies favored by adversaries is the foundation of effective defence,” Ng said.