Security News > 2023 > December > Cisco Talos Report: New Trends in Ransomware, Network Infrastructure Attacks, Commodity Loader Malware
We'll focus on three topics covered: the ransomware cybercriminal ecosystem, network infrastructure attacks and commodity loader malware.
More ransomware actors switched to extortion rather than encryption, while commodity loaders evolved to be stealthier and highly effective, although new major security improvements have seen the day in 2023, such as Microsoft Office disabling macros by default.
Multiple leaks of ransomware source code and builders also affected the ransomware threat landscape because these allowed more people to start their own operations.
Cisco Talos states that "Clop's repeated efforts to exploit zero-day vulnerabilities is highly unusual for a ransomware group given the resources required to develop such capabilities," yet it is still unsure that they do develop exploits on their own.
The improvements in ransomware detection capabilities from Endpoint Detection and Response and Extended Detection and Response software might be one reason for switching tactics and stopping deploying ransomware on the targeted systems.
The IcedID new samples have been used by initial access brokers known for commonly selling network accesses to ransomware groups.
News URL
https://www.techrepublic.com/article/cisco-talos-year-end-report/
Related news
- Keytronic reports losses of over $17 million after ransomware attack (source)
- NoName ransomware gang deploying RansomHub malware in recent attacks (source)
- U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals (source)
- Acronis warns of Cyber Infrastructure default password abused in attacks (source)
- Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks (source)
- Columbus investigates whether data was stolen in ransomware attack (source)
- Ransomware Attacks Are Attracting Record Payouts in Australia. Should You Pay the Ransom? (source)
- Black Basta ransomware switches to more evasive custom malware (source)
- CISA warns of VMware ESXi bug exploited in ransomware attacks (source)
- OneBlood's virtual machines encrypted in ransomware attack (source)