One cybersecurity firm’s data reflected increasing sophistication and resilience in organized cybercrime groups while the world was still chasing yesterday’s threats.

Based on data analysis of around 9,200 of its users around the world, a cybersecurity firm has issued a report on the 2023 cyber threat landscape.

The findings show that ‘?-as-a-Service’ attacks continued to dominate the firm’s customers, with Malware-as-a-Service and Ransomware-as-a-Service tools making up the majority of malicious tools in use by attackers.

The most common ‘as-a-Service’ tools identified in the firm’s protection ecosystem from July to December 2023 were:

    • Malware loaders (77% of investigated threats), which can deliver and execute other forms of malware and enable attackers to repeatedly target affected networks.
    • Cryptominers (52% of investigated threats), which use an infected device to mine for cryptocurrency.
    • Botnets (39% of investigated threats) that enroll users in wider networks of infected devices, which attackers then leverage in larger-scale attacks on other targets.
    • Information-stealing malware (36% of investigated threats), which are malicious software like spyware or worms, designed to secretly access and collect sensitive data from a victim’s computer or network.
    • Proxy botnets (15% of investigated threats), more sophisticated botnets that use proxies to hide the true source of their activity.

Other notable findings

The report by Darktrace also reveals a changing of the guard. At the beginning of 2023, after the dismantling of Hive ransomware (one of the major Ransomware-as-a-Service attacks in the firm’s user base), there had been rapid growth of a range of threats filling the void, including ScamClub, a malvertising actor notorious for spreading fake virus alerts to notable news sites, and AsyncRAT, responsible for attacking US infrastructure employees in recent memory. Also:

    • 10.4m phishing emails had been detected in the firm’s ecosystem between September and December 2023 amid novel attack techniques emerging as greater risk.
    • Cybercriminals were noted to be employing sophisticated techniques to circumvent traditional security measures during the period of analysis. One notable example is the exploitation of platforms like Microsoft Teams to distribute malware such as DarkGate.
    • Noted growth of malware designed with multiple functions to inflict maximum damage. Often deployed by sophisticated groups like cyber cartels, such as the recent Black Basta ransomware that also spreads the Qbot banking trojan for credential theft. Such multi-tasking malware lets attackers cast a wide net to monetize infections.

According to the firm’s Director of Threat Research, Hanah Darley: “Security teams face an uphill battle to stay ahead of attackers, and need a security stack that keeps them ahead of novel attacks, not chasing yesterday’s threats.”