DeepInstinct Cyber Threat Landscape Report 2023

Keypoints

• Annual cybersecurity reports typically consist of sections such as an introduction to overall threat trends, detailed analyses of malware families, threat actor profiles, key attack vectors, and future predictions.
• Key statistics from these reports include the significant increase in ransomware victims in 2023, surpassing total victim counts from previous years, driven by large-scale campaigns exploiting vulnerabilities like MOVEit and Zimbra.
• Emerging ransomware families such as LockBit, BlackCat (AlphaV), Cl0p, and Royal continue to evolve with advanced features, including affiliate programs, anti-analysis techniques, and targeted attacks on critical infrastructure sectors.
• Threat actor tactics are adapting to defenses—moving from macros to more evasive methods like LNK, JavaScript, and compressed, artificially inflated files to evade detection tools.
• State-sponsored cyber attacks persist at record levels, especially involving Russia and Iran, with sophisticated tools such as new C2 frameworks and undisclosed malware variants targeting geopolitical and critical sectors.
• Analysis reveals a shift in stealer and RAT activity, with groups like Emotet, Qakbot, and NanoCore remaining dominant, employing obfuscation, modular malware, and exploiting vulnerabilities for widespread infection.
• Major threats for 2024 include AI-driven, highly customized attacks, large-scale vulnerabilities leading to extensive breaches, and increased use of AI by nation-state actors in cyber warfare. Enhancements in malware evasion, such as artificial inflation and new delivery vectors like JavaScript, are also predicted to rise.
• Despite the shutdown of prominent underground forums, emerging markets and alternative channels continue to facilitate cybercrime activities. Exploited vulnerabilities like MOVEit are expected to fuel future attacks, and the adoption of LLMS introduces new risks for malware development and deployment.