Ransomware-as-a-Service (RaaS) and Malware-as-a-Service (MaaS) attacks were the most frequently identified and prevented in the first half of 2023. A self-learning AI is the key to defense.
Darktrace's security experts present the most important cyber threats to companies in the first half of 2023 in a comprehensive report. They take an unusual approach to detecting cyber attacks: instead of examining the patterns of previous attacks, Darktrace's self-learning AI understands the normal activity patterns of each customer. This allows it to quickly identify anomalies that indicate known and unknown threats. Many malware strains use components from other strains, similar to how Dr. Frankenstein created his monster.
“Frankenstein” approach is likely to increase
Ransomware-as-a-Service (RaaS) and Malware-as-a-Service (MaaS) are the most commonly identified and blocked threats. They will continue to affect companies the most. One of the most common forms of RaaS is Hive ransomware.
Both Hive and many other MaaS and RaaS attacks are often complemented by other tools, including legitimate security applications such as Cobalt Strike. This “Frankenstein” approach of combining malicious and everyday applications is likely to increase.
Beaconing was the activity pattern most commonly observed by Darktrace's Cyber AI Analyst. In beaconing, an infected device periodically exchanges a digital signal with a command-and-control server so that the malware can be controlled remotely.
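The periodicity described above is what makes beaconing detectable in connection logs. The following is an added example, not Darktrace's method or code from the report: it groups connections by source and destination and flags pairs whose inter-connection intervals are nearly constant. The log records, thresholds and function names are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample records: (epoch_seconds, source_host, destination).
# 10.0.0.5 connects roughly every 60 s with a little jitter; the others are irregular.
_JITTER = [0, 2, -1, 1, 0, -2, 1, 0]
SAMPLE_LOG = (
    [(1000 + 60 * i + j, "10.0.0.5", "198.51.100.7:443")
     for i, j in enumerate(_JITTER)]
    + [(t, "10.0.0.9", "203.0.113.20:443")
       for t in (1003, 1011, 1190, 1204, 1650, 1660, 2400)]
    + [(t, "10.0.0.9", "192.0.2.44:80") for t in (1100, 1500)]
)

def beacon_score(timestamps, min_events=6):
    """Return (median_interval, relative_jitter), or None if there is too little data.

    relative_jitter is the median absolute deviation of the gaps divided by
    the median gap; it stays small when connections are evenly spaced.
    """
    ts = sorted(timestamps)
    if len(ts) < min_events:
        return None  # too few connections to call anything periodic
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    med = median(gaps)
    if med <= 0:
        return None  # duplicate timestamps only; no usable interval
    mad = median(abs(g - med) for g in gaps)
    return med, mad / med

def find_beacons(records, max_jitter=0.1, min_events=6):
    """Map (source, destination) -> score for pairs that look periodic."""
    by_pair = defaultdict(list)
    for ts, src, dst in records:
        by_pair[(src, dst)].append(ts)
    hits = {}
    for pair, stamps in by_pair.items():
        score = beacon_score(stamps, min_events)
        if score and score[1] <= max_jitter:
            hits[pair] = score
    return hits

if __name__ == "__main__":
    for (src, dst), (interval, jitter) in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: every ~{interval}s, jitter {jitter:.3f}")
```

A hit is a lead for triage rather than a verdict: legitimate software such as update checkers and time synchronization is also periodic, and malware can randomize its intervals to exceed a fixed jitter threshold.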
The manufacturing sector was particularly affected by unusual activity in the first half of 2023. It is followed by the information and communication, finance and insurance, health and social services, and education sectors.
The following trends can be expected for the future:
Barriers to entry are falling – Today, even novice cybercriminals can carry out highly customizable cyber attacks using easy-to-use tools. This increases the risk to organizations, especially when hackers use legitimate, everyday applications and tools to carry out their attacks.
Continued cyber attacks on the supply chain – As supply chains grow, cascading cyber attacks will increase. For example, the X_Trader website was apparently compromised by North Korean hackers. A 3CX employee then downloaded an affected version of the X_Trader software, which led to the 3CX supply chain attack. Going forward, criminals are likely to attempt to disrupt multiple technology platforms through continued supply chain attacks.
Increasing cloud threats – Increasing cloud usage is making hacks easier, with cybercriminals simply logging in using stolen credentials. Sensitive information that was previously only stored on site is now accessible via common tools that can be used from anywhere. Because passwords are still widely used to access SaaS and cloud applications, cloud-based identity attacks remain an important attack method.
More at DarkTrace.com
About Darktrace
Darktrace, a global leader in artificial intelligence for cybersecurity, protects businesses and organizations with AI technology from cyberattacks. Darktrace's technology registers atypical traffic patterns that indicate possible threats. In doing so, it recognizes novel and previously unknown attack methods that are overlooked by other security systems.