Positive Technologies has analyzed the relevant cyberthreats of Q2 2023. According to the report, the number of targeted attacks increased by 10% since the beginning of the year, now standing at 78%. Experts noted large-scale attacks that exploited vulnerabilities and numerous leaks of users’ personal data. Furthermore, the period saw an increase in successful cyberattacks on blockchain projects and an upsurge in ransomware activity targeting IT companies.
The report also shows that the number of incidents in Q2 2023 rose by 17% year-on-year. Successful cyberattacks on businesses commonly resulted in leakage of confidential information (67%) and disruption of core operations (44%).
Ransomware attacks grew by 13% in Q2 2023. Positive Technologies noted an increased share (11%) of IT organizations in the total number of ransomware victims. According to the experts, a possible reason for that growth could be that successful attacks allow cybercriminals to get to confidential client data.
Positive Technologies analysts recorded a new trend. Cybercriminals increasingly forgo encryption and threaten their victims with publishing the stolen data, rather than asking to pay a ransom for data decryption.
“We’ve been seeing attackers gradually abandon data encryption as their key means of pressuring victims. Using ransomware requires attackers to exert significant effort to bypass malware defenses and deploy the malware,” comments Positive Technologies research analyst Natalia Yushkova, “The added risk here is that the attackers may try using the stolen data for repeat attacks. Companies that find themselves under attack must promptly look for points of compromise and vulnerabilities, and make sure the criminals did not leave any backdoors open.”
Positive Technologies found that malicious actors continued to take advantage of older vulnerabilities along with new ones. Certain incidents suggest that vulnerabilities may be exploited again years after being discovered. Therefore, Positive Technologies experts recommend that companies set up a vulnerability management process by inventorizing all their infrastructural assets, finding vulnerabilities, ranking these by severity and comparing against trends, setting up software update policies, and monitoring remediation progress. VM (vulnerability management) systems can help with building that kind of process at companies.
Positive Technologies analysts recorded a trend for using spyware in attacks against individuals: cybercriminals employed that type of malware in 62% of all attacks, which was 23 percentage points above Q1 2023. Notably, the team at the Positive Technologies Expert Security Center (PT ESC) managed to discover a new stealer in Q2. It searches for files in the home directory and on local drives, and then sends these files to the C&C server, along with screenshots and the contents of the clipboard.
According to Positive Technologies assessments, blockchain projects remain an attractive target for attackers. These were attacked twice more frequently in Q2 2023 than in Q1. The biggest incident was the cyberattack on the owners of cryptocurrency exchange servers in Discord, resulting in $3 million stolen.
Q2 2023 was notable for several successful cyberattacks that had a major negative impact. The attack on the German IT services provider Bitmarck forced the company to shut down all of its client-facing and internal systems. This disrupted the operations of many health insurers, who could not get access to patient medical records, process digital sick leaves, or provide other online services. DDoS attacks on Microsoft cloud services prevented a number of companies from using email: Outlook was inaccessible to a total of 18,000 users as the attack reached its peak.
Hardening the network perimeter with the help of web application firewalls would be a key step toward a higher standard of corporate cybersecurity. To prevent malware infection, we recommend that you use sandboxes to analyze the behavior of files in a virtual environment and detect any malicious activity. Positive Technologies experts strongly recommend that you treat incoming email, instant messages, and messages you get on social media with caution and refrain from clicking any suspicious links.