Our annual analysis of the most notorious malware has arrived. As always, it covers the trends, malware groups, and tips for how to protect yourself and your organization.
This post covers highlights of our analysis, including the rise of ransomware as a service (RaaS), the six nastiest malware groups, and the role of artificial intelligence in both cybersecurity and cyberthreats.
Malware Shifts to RaaS
To say cybercriminals have come a long way since their humble beginnings — when floppy disks were used to spread malware infections — is an understatement. Their tactics have evolved significantly over the years, with ransomware now the malware of choice for cybercriminals.
The allure of ransomware is not surprising given the combination of financial gains and potential for anonymity. Never satisfied in their quest to scale operations and increase revenue potential, criminal actors have shifted their focus to a relatively new “business model” that is proving very successful — ransomware-as-a-service (RaaS). By removing the technical barriers for prospective affiliates, RaaS makes it easy for big players to grow their “enterprise.”
Who Made The Malware List?
Topping 2023's nastiest malware is CI0p. This ransomware group made a name for itself with the MOVEit campaign, which drove up the average ransom payment to nearly three-quarters of a million dollars. To date, this campaign is known to have impacted more than 1,150 organizations and over 60 million individuals, putting its global cost at close to $11 billion.
Also on the list are four new ransomware gangs — Black Cat, Akira, Royal, and Black Basta — believed to be the next generations of previous big players. They join a familiar name on the list, Lockbit.
We ranked these six malware groups accordingly:
- Cl0p, a RaaS platform, became famous following a series of cyberattacks that exploited a zero-day vulnerability in the MOVEit file transfer software developed by Progress Software.
- Black Cat, believed to be the successor to the REvil ransomware group, built its RaaS platform on the Rust programming language. Black Cat made headlines for taking down MGM Casino Resorts.
- Akira, presumed to be a descendant of Conti, primarily targets small- to medium-sized businesses. Most notably, Akira ransomware targeted Cisco virtual private network (VPN) products to breach corporate networks, steal data, and encrypt it.
- Royal, suspected heir to Ryuk, uses whitehat penetration testing tools to move laterally in an environment and gain control of the entire network. A unique partial encryption approach allows the threat actor to choose a specific percentage of data in a file to encrypt.
- Lockbit 3.0, a main stain on the list and last year’s winner, continues to wreak havoc. Now in its third epoch, Lockbit 3.0 is more modular and evasive than its predecessors.
- Black Basta, one of the most active RaaS threat actors, is considered to be yet another descendant of the Conti ransomware group. It has gained a reputation for targeting all types of industries.
An Intelligent Future: Artificial Intelligence and Machine Learning
For six years, the OpenText Cybersecurity threat intelligence team has witnessed a steady increase in the number and sophistication of malware attacks, which show no signs of slowing down. Threat actors are creative and resourceful in their attempts to trick users and exploit software and computer vulnerabilities. And while the use of AI and ML in cybersecurity is still in its early stages, it is rapidly evolving. This is good and bad news.
AI and ML have the potential to make the world a safer place, but they could also be used for malicious purposes. Rather than taking a wait-and-see approach, businesses of every size must take steps to protect themselves and mitigate the risks.
Guest blog courtesy of OpenText Cybersecurity. Author Tyler Moffitt is senior security analyst at OpenText Cybersecurity. Read more OpenText news and blogs here. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.