The data for the year showed that ransomware operators continued to change their tactics, including leveraging remote encryption (using an unmanaged device on an organization’s network to encrypt files on other systems in the network) and targeting managed service providers’ remote monitoring and management software. Also:

    • “More than 90%” of all cyberattacks in the 2023 incidents analyzed involved data or credential theft, whether through ransomware attacks, data extortion, unauthorized remote access, or simply data theft.
    • Business email compromise (BEC) attacks were the second-highest type of attack targeting SME customers, after ransomware.
    • In 2023, BEC attacks and other social engineering campaigns showed an increasing level of sophistication, including sending targets a series of conversational emails or even calling them (on the pretext of a package delivery failure) to coax them into opening specific malicious links and attachments in a malspam attack.
    • In an attempt to evade detection by traditional spam prevention tools, attackers were experimenting with new formats for their malicious content, embedding images that contain malicious code in Microsoft OneNote or password-locked compressed-file formats. In one case, attackers sent a PDF document with a blurry, unreadable thumbnail of an “invoice”. The download button actually contained a link to a malicious website.