The latest End of Year Threat Report by Darktrace indicates a significant shift in cyber threats and attack methods over the last half of 2023. The report draws attention to an increasing reliance by cybercriminals on as-a-service tools and underscores evolving attacker strategies.
According to the findings, as-a-service attacks continue to be the primary threats, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) representing the major portion of tools wielded by cybercriminals. These services provide criminals with functionalities such as pre-made malware, payment processing systems, and phishing email templates, thus enabling attackers who lack sophisticated technical expertise to launch attacks.
The most prevalent as-a-service tools recorded by Darktrace from July to December 2023 include malware loaders, accounting for 77% of investigated threats. These are followed by cryptominers (52% of investigated threats) that use infected devices for cryptocurrency mining and botnets (39% of investigated threats) that enrol users in wider networks of compromised devices for large-scale attacks. Information-stealing malware, designed to clandestinely access and gather sensitive data, comprised 36% of examined threats while proxy botnets made up 15%.
The study shed light on the fast-growing threats replacing Hive ransomware, previously identified as one of the major Ransomware-as-a-Service attacks in 2023. When Hive was dismantled by the US government in January 2023, there arose a void which was quickly filled by threats such as ScamClub, known for spreading fake virus alerts to leading news sites and AsyncRAT, lately responsible for attacks on US infrastructure employees.
In the period between 1st September and 31st December 2023, Darktrace detected 10.4 million phishing emails. However, alongside traditional methods such as phishing, cyber criminals are adopting more sophisticated strategies designed to sidestep traditional security parameters. The report cites the rise of Microsoft Teams phishing as an example of these advances. In this method, attackers impersonate co-workers to trick employees into clicking harmful links deployed in the Teams platform.
Another emerging trend is the development of multi-functional malware to inflict maximum damage. Deployed primarily by sophisticated bodies like cyber cartels, these multi-tasking threats offer different capabilities. The Black Basta ransomware, which also delivers the Qbot banking trojan for credential theft, is one such multi-use malware.
Hanah Darley, Director of Threat Research at Darktrace, remarked, "Throughout 2023, we observed significant development and evolution of malware and ransomware threats, as well as changing attacker tactics and techniques resulting from innovation in the tech industry at large, including the rise in generative AI. Against this backdrop, the breadth, scope, and complexity of threats facing organisations has grown significantly." She emphasized the need for security teams to stay ahead of novel attacks and avoid trailing yesterday's threats.