Security News > 2023 > December > Cisco Talos Report: New Trends in Ransomware, Network Infrastructure Attacks, Commodity Loader Malware
We'll focus on three topics covered: the ransomware cybercriminal ecosystem, network infrastructure attacks and commodity loader malware.
More ransomware actors switched to extortion rather than encryption, while commodity loaders evolved to be stealthier and highly effective, although new major security improvements have seen the day in 2023, such as Microsoft Office disabling macros by default.
Multiple leaks of ransomware source code and builders also affected the ransomware threat landscape because these allowed more people to start their own operations.
Cisco Talos states that "Clop's repeated efforts to exploit zero-day vulnerabilities is highly unusual for a ransomware group given the resources required to develop such capabilities," yet it is still unsure that they do develop exploits on their own.
The improvements in ransomware detection capabilities from Endpoint Detection and Response and Extended Detection and Response software might be one reason for switching tactics and stopping deploying ransomware on the targeted systems.
The IcedID new samples have been used by initial access brokers known for commonly selling network accesses to ransomware groups.
- Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months (source)
- Nearly 4-year-old Cisco vuln linked to recent Akira ransomware attacks (source)
- Critical infrastructure software maker confirms ransomware attack (source)
- Victoria court recordings exposed in reported ransomware attack (source)
- Capital Health attack claimed by LockBit ransomware, risk of data leak (source)
- US mortgage lender loanDepot confirms ransomware attack (source)
- Toronto Zoo: Ransomware attack had no impact on animal wellbeing (source)
- Paraguay warns of Black Hunt ransomware attacks after Tigo Business breach (source)
- Hackers target Microsoft SQL servers in Mimic ransomware attacks (source)
- Majorca city Calvià extorted for $11M in ransomware attack (source)