One cybersecurity firm's own protection ecosystem showed a 70% drop in ransomware detections, offset by faster, more targeted exploitation of vulnerabilities

Other findings

The H2 data also showed the following trends:

  • 44% of all ransomware and wiper samples in H2 2023 targeted industrial sectors. Compared with H1, ransomware detections dropped by 70%. The working theory is that attackers shifted away from the traditional "spray and pray" strategy toward a more targeted approach in H2, focusing largely on the energy, healthcare, manufacturing, transportation and logistics, and automotive industries.
  • In H2, botnet command and control (C2) communications took an average of 85 days to cease after first detection. Compared with H1, overall bot traffic remained steady, with three new entrants emerging: AndroxGh0st, Prometei, and DarkGate.
  • 38 of the 143 advanced persistent threat (APT) groups tracked by MITRE were observed to be active during H2 2023. Of those, Lazarus Group, Kimsuky, APT28, APT29, Andariel, and OilRig were the most active.
  • On the Dark Web, threat actors in H2 most often discussed targeting organizations in the finance industry, followed by the business services and education sectors. Details of more than 3,000 data breaches and 221 vulnerabilities were shared on prominent Dark Web forums in H2, and 237 vulnerabilities were discussed on Telegram channels. Finally, the data showed that details of over 850,000 payment cards were advertised for sale in H2.