With the rise of ransomware-as-a-service gangs like LockBit and ALPHV, known ransomware attacks surged by 68% in 2023 and reached a record level, according to the latest State of Malware report by Malwarebytes.
The total number of known cyberattacks stood at 4475 in 2023. The US accounted for almost half – 45% – of ransomware attacks. The UK comes second with 7% of costly incidents, followed by Canada, Italy, and Germany, with 4% each.
“The largest ransom demand of the year was a staggering $80 million – requested by the LockBit gang following an attack on Royal Mail,” the report said.
Statistics reveal that May 2023 was the most intense month, with 560 ransomware attacks.
“Big game attacks extort vast ransoms from organizations by holding their data hostage – either with encryption, the threat of damaging data leaks, or both,” Malwarebytes said.
A multi-billion-dollar ransomware industry feeds off the legitimate economy and now supports entire supply chains, specialized organizations like access brokers, and malicious software vendors. It has brand names, PR stunts, HR departments, incentive schemes, and “employees of the month.”
“RaaS vendors sell everything you need to carry out a ransomware attack: The encrypting ransomware itself, access to a dark web leak site to hold and leak stolen data, and a means to negotiate with the victim. Affiliates pay for these services with a share of the ransoms they extort.”
LockBit was the biggest criminal name in 2023, with more than 1000 ransomware attacks attributed to the gang. However, other competitors are actively closing the gap.
New techniques emerge
Ransomware gangs now use Living of the Land (LotL) attacks – new, extremely difficult to detect techniques to hide in plain sight. Cybercriminals carry out malicious activities using legitimate tools like Powershell or Windows Management Instrumentation so that network activity appears normal to the untrained eye.
“Ransomware gangs like LockBit, ALPHV, and Royal use LOTL techniques to work unnoticed as they set up attacks inside corporate networks, elevating privileges, executing commands, downloading scripts, moving laterally, stealing data, and deploying ransomware,” Malwarebytes said.
Malicious advertising – or malvertising – also made a comeback in 2023 and threatened both businesses and consumers alike.
“Countless campaigns appeared impersonating brands such as Amazon, Zoom, and WebEx to deliver both Windows and Mac malware through highly convincing ads and websites that trick users into downloading malware on their devices. Malwarebytes ThreatDown Labs found Amazon, Rufus, Weebly, NotePad++ and Trading View to be the top five most impersonated brands.”
Malwarebytes ThreatDown Labs also found that attacks on Android, Mac, and Windows devices have also evolved.
Malwarebytes ThreatDown Labs detected Android banking trojans 88,500 times in 2023. In these attacks, banking trojans are disguised as regular apps like QR code scanners, fitness trackers, or even copies of popular applications like Instagram to copy banking passwords and steal money directly from accounts.
Malware on Macs accounted for 11% of detections last year. Despite declining PC sales, demand for Macs has grown.
“Today, Macs represent a 31% share of US desktop operating systems, while a quarter of businesses run Macs somewhere on their networks, making Apple's macOS an increasingly significant target for malicious actors,” the press release reads.
Against this backdrop, the world entered 2024 with shrinking IT and security teams and budgets, the company warned.
More from Cybernews:
Subscribe to our newsletter