Darktrace’s latest End of Year Threat Report indicates a significant shift in cyber threats and attack methods for the last half of 2023. The report highlights cybercriminals’ growing reliance on as-a-service tools and the evolving strategies of attackers.
As-a-service attacks continue to be the primary threat, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) as the main tools used by cybercriminals. These services provide criminals with features such as prepackaged malware, payment processing systems, and phishing email templates, allowing attackers who lack sophisticated technical knowledge to launch attacks.
The most prevalent as-a-service tools observed by Darktrace from July to December 2023 include malware loaders, which account for 77% of the threats examined. This is followed by crypto miners (52% of surveyed threats), which use infected devices to mine cryptocurrency, and botnets (39% of surveyed threats), which enroll users in wider networks of compromised devices for large-scale attacks. Information-stealing malware, designed to covertly access and collect sensitive data, accounted for 36% of the threats examined, while proxy botnets accounted for 15%.
The study also sheds light on the rapidly growing threats that emerged to replace Hive ransomware, previously identified as one of the top Ransomware-as-a-Service attacks in 2023. When Hive was dismantled by the US government in January 2023, a void was created that was quickly filled by threats such as ScamClub, known for spreading fake virus warnings to leading news sites, and AsyncRAT, most recently responsible for attacks on US infrastructure workers.
Between September 1 and December 31, 2023, Darktrace detected 10.4 million phishing emails. However, in addition to traditional methods such as phishing, cybercriminals are adopting more sophisticated strategies designed to circumvent traditional security parameters. The report cites the rise of phishing in Microsoft Teams as an example of these advances. In this method, attackers impersonate coworkers to trick employees into clicking malicious links deployed on the Teams platform.
Another emerging trend is the development of multifunctional malware that causes maximum damage. Deployed primarily by sophisticated entities such as cyber cartels, these multitasking threats offer a variety of options. One such multipurpose malware is the Black Basta ransomware, which also provides the Qbot banking trojan for stealing credentials.
Hanah Darley, director of threat research at Darktrace, commented: “Throughout 2023, we have seen significant development and evolution of malware and ransomware threats, as well as a change in attacker tactics and techniques resulting from innovation in the technology industry in general, including the rise of generative artificial intelligence. In this context, the breadth, scale, and complexity of threats facing organizations have grown significantly.” She emphasized the need for security teams to stay ahead of new attacks and avoid yesterday’s threats.