From the CEO's Desk
I am pleased to share the annual Intel 471 Cyber Threat Report. Our intention is to assist cyber security practitioners across the globe by sharing trends observed and studied by our Research and Analysis Teams. The cyber underground insights in this report will guide cyber professionals in adjusting their strategic and tactical programs, as well as their investments in these challenging economic times. This report delves into key trends both increasing and decreasing in momentum; and, how these will influence the anatomy of the cyber underground and cybercrime over the year.
Readers can expect to gain data-driven insights that will help them shape their cybersecurity policies and initiatives to better protect and defend their organizations and assets. Some key takeaways include:
The most frequent tactics, techniques and procedures (TTPs) observed in the underground are heavily weighted in the early stages of a typical attack chain.
Ransomware persists as one of the primary threats to organizations worldwide. We reported almost 2,000 ransomware breach events in the first half of 2023, with LockBit 3.0 remaining the most impactful with more than 500 breaches.
Pro-Russian hacktivism remains the most significant byproduct of Russia’s war in Ukraine within the cybercriminal underground. However, we observed a noticeable decline in activity in the second quarter of 2023.
The popularity of access sales endured, as we observed and reported more than 2,000 claims from access vendors offering to sell compromised credentials and/or alleged unauthorized access to networks or systems in the first half of 2023.
Threat actors continue to exploit a wide range of vulnerabilities. We documented about 260 vulnerabilities in our reports over the first half of 2023 — 28% were rated as high risk, 42% medium and 30% low, while 14% were productized, 52% were weaponized and 18% had only proof-of-concept (PoC) code available.
The malware landscape remained an ever-changing environment, with notable activity observed regarding two long-tenured botnets — Emotet and QBot.
In addition to the aforementioned prominent cybercrime trends, we also observed an increase in discussions and activity related to artificial intelligence (AI), instances of law enforcement operations and disruption, and drainer malware. We also observed a decrease in discussions and activity related to dump shops, ATM malware and physical attacks, and point-of-sale (PoS) malware.
This report is but one way that Intel 471 demonstrates its commitment to our customers. We enable organizations to counter the threat of cybercrime by unlocking the power of cyber threat intelligence and support all aspects of the business and across the range of maturity levels.
Jason Passwaters
CEO & Co-Founder