Positive Technologies has released findings from its study on the cybersecurity landscape in Q3 2023, revealing that the proportion of malware attacks held steady at 45%, consistent with Q2 figures. The introduction of decryption tools, however, contributed to a decline in the prevalence of encryption malware. A concerning trend emerged as ransomware groups increasingly threatened to expose pilfered data without encrypting targeted systems or information. Security experts observed novel tactics employed by ransomware operators, including unconventional social engineering methods.
The analysis indicates a marginal reduction in the overall number of cyber incidents in Q3 compared to the previous quarter. Vulnerability exploitation remained a popular attack method, accounting for 37% of total incidents. Cybercriminals continued to exploit vulnerabilities in widely used IT solutions, underscoring the significance of regular software updates and robust security practices.
Alexey Novikov, Head of the Positive Technologies Expert Security Center, attributed this decline to broader access to decryption tools and the shift among extortion groups toward threatening to publish victims’ data instead of encrypting it. He also highlighted emerging trends such as double posting, where two ransomware groups claim to breach the same organization and each demands a ransom.
While malware attacks maintained a 45% share in Q3, there was a notable 6-percentage-point decrease in the use of encryption malware.
One distinctive strategy was identified in the ransomware group Ransomed.vc, which poses as a pentesting service and leverages the European Union’s General Data Protection Regulation (GDPR). In cases of non-compliance, the group publishes stolen data, leading to fines for the affected organization, a tactic referred to as “lawful extortion.”
Positive Technologies reported a rise in spyware attacks on individuals to 65% in Q3, with spyware detected in 20% of successful attacks on organizations. Social engineering remained a pervasive threat, accounting for 92% of risks to individuals and 37% to organizations. Phishing scams, capitalizing on topics like employment, political unrest, and cryptocurrency investments, persisted.
The experts recommended protective measures, including the use of sandboxes for malware analysis, regular backups to guard against encryption attacks, and heightened online vigilance. Social engineering techniques, constantly evolving, necessitate cautious behavior online, with users advised to exercise skepticism towards suspicious links and unverified attachments.
Data breaches remained the most common consequence of successful attacks on both organizations (56%) and individuals (61%). Financial losses and disruption to core business functions followed as significant repercussions. Despite a decline in the latter for organizations, encryption attacks still pose severe risks, as evidenced by the loss of three months’ worth of email history in a recent attack on governmental agencies in Sri Lanka.