Deep Instinct Threat Report: Ransomware, State-Sponsored Attacks, and AI-Powered Threats Surge in H1 2023

Ransomware-as-a-Service models, new underground markets, and the proliferation of LLMs combined to create massive opportunities for cybercriminals this year

Deep Instinct, the prevention-first cybersecurity company that stops unknown malware pre-execution with a purpose-built, AI-based deep learning (DL) framework, released its 2023 Bi-Annual Cyber Threat Report, which details the most pressing cyber threats of the year.

“This year feels different, like the start of a new era, as artificial intelligence quickly infiltrates the workforce and vulnerabilities like MOVEit continue to have a long-lasting impact on organizations”

“This year feels different, like the start of a new era, as artificial intelligence quickly infiltrates the workforce and vulnerabilities like MOVEit continue to have a long-lasting impact on organizations,” said Mark Vaitzman, Threat Lab Team Leader at Deep Instinct. “This report showcases how cybercriminals are adapting to these shifts and becoming more sophisticated in their approach. Prevention against these cyber attacks is possible, but it requires a change from the reactive, ‘assume breach’ mentality that has plagued the industry for far too long.”

CIO INFLUENCE News: Fortanix Introduces New Data Sovereignty Solutions for Enhanced Data Security

Top findings from Deep Instinct’s 2023 Bi-Annual Cyber Threat Report include the following:

Ransomware-as-a-Service (RaaS) attributed to a spike in H1 2023 ransomware victims.

The newest edition of the report found that more victims were affected by ransomware in the first half of 2023 than in the entirety of 2022. This is due to large-scale ransomware campaigns affecting a significant number of victims at once, such as the MOVEit vulnerability in early 2023. Additionally, threat actors continue to leverage RaaS to execute their attacks. From the launch of Lockbit’s affiliate program to new languages featured within BlackCat’s latest family, the impact and scale that RaaS offers ransomware gangs has proven successful.

State-sponsored attacks continue to rise and break records.

Russia has become one of the leading threat actors in the world. After several cyber attacks in 2022, including on Ukrainian government websites, organizations, and companies, several Russian groups such as Sandworm, Callisto, and Gamaredon continued their campaigns against the Eastern European nation in H1 2023.

In addition to Russia, Deep Instinct’s Threat Research team identified a new command and control framework, named PhonyC2, which has been used by the Iranian-based MuddyWater group since at least 2021. The threat lab also observed and analyzed a previously undocumented and undetected new variant of BPFdoor by Red Menshen, a Chinese threat actor.

CIO INFLUENCE News: NordPass Launches Fully Multi-Platform Passkey Support

Underground forums shutdown, but new alternative markets opened.

Throughout 2023, several large darknet and underground hacking forums were closed, including RAID Forums, Breached Forums, Genesis Market, and ASAP Market. Additionally, several ransomware leak sites were seized by the FBI, resulting in the arrests of cyber gang members. However, despite the arrests and closures, growth of the darknet continues. Deep Instinct has observed a flow of new ideas to avoid seizure, including mirroring and alternative protocols, as well as owners of previously shutdown forums opening new, alternative markets.

Cybercriminals taking advantage of LLMs.

The first half of 2023 saw the rise of powerful Large Language Models (LLMs). Cybercriminals took advantage of ChatGPT and other AI-based alternatives by using various jailbreaking guides in underground forums to build their own LLMs for attack, including WormGPT. Additionally, threat actors began abusing non-existent libraries suggested by ChatGPT, infiltrating those recommendations with malicious capabilities.