Security News > 2023 > December > Cisco Talos Report: New Trends in Ransomware, Network Infrastructure Attacks, Commodity Loader Malware

We'll focus on three topics covered: the ransomware cybercriminal ecosystem, network infrastructure attacks and commodity loader malware.
More ransomware actors switched to extortion rather than encryption, while commodity loaders evolved to be stealthier and highly effective, although new major security improvements have seen the day in 2023, such as Microsoft Office disabling macros by default.
Multiple leaks of ransomware source code and builders also affected the ransomware threat landscape because these allowed more people to start their own operations.
Cisco Talos states that "Clop's repeated efforts to exploit zero-day vulnerabilities is highly unusual for a ransomware group given the resources required to develop such capabilities," yet it is still unsure that they do develop exploits on their own.
The improvements in ransomware detection capabilities from Endpoint Detection and Response and Extended Detection and Response software might be one reason for switching tactics and stopping deploying ransomware on the targeted systems.
The IcedID new samples have been used by initial access brokers known for commonly selling network accesses to ransomware groups.
News URL
https://www.techrepublic.com/article/cisco-talos-year-end-report/
Related news
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Lee Enterprises newspaper disruptions caused by ransomware attack (source)
- London celebrity talent agency reports itself to ICO following Rhysida attack claims (source)
- Southern Water says Black Basta ransomware attack cost £4.5M in expenses (source)
- CrowdStrike Security Report: Generative AI Powers Social Engineering Attacks (source)
- Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations (source)
- Qilin ransomware claims attack at Lee Enterprises, leaks stolen data (source)
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)