From February to Black Friday: how did ransomware attacks evolve in 2023?

An analysis of trends and tactics showed how attackers have changed the cybersecurity landscape.

Ransomware became one of the main cyber threats in 2023. NSHC specialists analyzed the attacks and identified many interesting trends and features.

During the year, 304 attacks were recorded, with the peak occurring in February and November. In February, the number of attacks increased due to vulnerabilities identified at the beginning of the year, which attackers were quick to take advantage of. In November, attacks intensified in the run-up to Black Friday, when businesses become particularly vulnerable due to the increased volume of operations.

The analysis showed that both cybercrime groups and state-backed APT groups are behind the attacks. The largest number of attacks was carried out by cybercriminals using the RaaS (Ransomware-as-a-Service) model, which simplifies the creation and distribution of ransomware.

Hackers most often attacked the United States and European countries. The main victims were large corporations and organizations that can pay a ransom. Industrial enterprises and financial organizations were particularly frequently attacked. In manufacturing, attacks lead to factory shutdowns and serious financial losses, making companies prone to paying ransoms. The financial sector is attractive to attackers because of the large amount of data processed and the high probability of receiving a ransom.

Windows-based systems were the most frequently attacked, followed by Linux and macOS, with most attacks targeting Windows installed on employees' computers. Attacks on Linux were often directed at servers, which could cause serious disruptions to companies' operations.

Hackers used vulnerabilities and open-source tools to break into systems. In the first half of the year, the most popular methods were the exploitation of public-facing applications and the use of compromised accounts. In the second half of the year, attacks via remote services were added.

Attackers actively exploited software vulnerabilities to break into systems. The most popular were CVE-2021-21974 (CVSS score: 8.8) in VMware ESXi, CVE-2023-27350 (CVSS score: 9.8) in PaperCut, and CVE-2021-27876 (CVSS score: 8.1) in Veritas Backup Exec. These flaws allowed remote code execution or unauthorized access to data.

Hackers actively used open and free tools to distribute and manage attacks. Among the most popular were the remote access programs AnyDesk and PuTTY, as well as the credential-collection tool Mimikatz. A very popular tool among attackers is Cobalt Strike, which is used for penetration testing but is also great for managing malware.

Cybercriminals preferred to use anonymous means of communication, such as Onion Mail and Telegram, to interact with victims and coordinate attacks. These services allow attackers to remain anonymous and avoid prosecution by law enforcement agencies.

The ransom was usually demanded in cryptocurrency, mainly in Bitcoin, which also contributed to maintaining anonymity. In 2023, the value of Bitcoin continued to grow, which made it particularly attractive for receiving a ransom.

NSHC research has shown that ransomware attacks remain a serious threat that requires constant attention and improved security measures. Companies must be prepared for new challenges and strengthen their cyber defenses to minimize risks and potential losses.

To prevent damage, you need to create a response system based on data related to recent ransomware attacks. For this purpose, it is necessary to collect information about cyber threats, which will allow you to learn about the methods and tools of attacks, as well as create an active response system.
