
Candid Wuest, Vice President, Cyber Protection Research, Acronis
Cybersecurity has come a long way since its inception, but so have the cyber criminals who gave it purpose. Today's world is more digitally dependent than ever. IT environments are becoming increasingly complex, and small flaws in resilience can significantly impact an organisation's ability to keep operating through security incidents or breaches. Here are six threat trends to expect in 2023.
- Ransomware is still active: The ransomware threat remains active and evolving. While we are witnessing an increase in data exfiltration, the main actors are continuing to professionalise their operations. Most of the major players have expanded to macOS and Linux and are also investigating cloud environments. New programming languages, such as Go and Rust, are becoming more popular, necessitating changes to analysis tools. Attacks will continue to increase as long as they are profitable, especially when cyber insurance covers some of the consequences. Attackers will increasingly concentrate their efforts on uninstalling security tools, deleting backups, and disabling disaster recovery plans. Living-off-the-land techniques will be central to this.
- Data breaches for the general public: Information-stealing malware, such as Raccoon and RedLine, is becoming the norm for infections. Stolen data frequently includes credentials, which are then sold by initial access brokers for use in subsequent attacks. The growing number of data blobs, combined with the complexity of interconnected cloud services, will make it more difficult for businesses to keep track of their data. The requirement for multiple parties to access the data makes keeping it encrypted and protected more difficult. A single leaked application programming interface (API) access key, such as one discovered on GitHub or embedded in a mobile app, can be sufficient to steal all of the data. This will drive advances in privacy-conscious computing.
- Phishing goes beyond email: Millions of malicious emails and phishing attacks are still being sent. Attackers will continue to use previously leaked data to automate and personalise their attacks. To avoid filtering and detection, socially engineered scams such as business email compromise (BEC) will increasingly spread to other messaging channels such as text messaging, Slack, Teams chat, and so on. Meanwhile, phishing will continue to use proxies to capture session tokens, steal MFA tokens, and disguise itself with diversions such as QR codes.
- Unsmart contracts: Attacks on cryptocurrency exchanges and on smart contracts across various blockchains show no sign of ending. Nation-state attackers are also attempting to steal hundreds of millions of dollars in digital currencies. In addition to the traditional phishing and malware attacks against their users, more sophisticated attacks on smart contracts, algorithmic coins, and DeFi solutions continue.
- Living within your infrastructure: Service providers are increasingly being targeted and hacked. The attackers then take advantage of the installed tools, such as PSA, RMM, or other deployment tools, to live off the land. The targets are not only managed IT service providers, but also consulting firms, first-level support organisations, and other partners in similar positions. These outsourced insiders are frequently exploited as the weakest link into a target organisation, without the attacker having to painstakingly craft a software supply chain attack.
- The rise of sophisticated ransomware attacks has put the spotlight on data exfiltration: Attacks on sensitive data will continue to plague organisations in 2023 and beyond as they grow in prevalence and sophistication. Double extortion attacks are more powerful because they encrypt sensitive and proprietary data, hold it for ransom, and then publish the data on the dark web unless organisations pay up. "There are now more ways for attackers to monetise data," according to the Verizon 2022 Data Breach Investigations Report.
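The data-breach item above notes that a single API key leaked to GitHub or shipped inside a mobile app can be enough to expose all of an organisation's data. The usual defensive control is to scan source and configuration for credential-shaped strings before they are committed or packaged. The following is an added illustration of that control, not code from the article or from Acronis: a small scanner that combines a handful of format signatures (the pattern set is a hypothetical sample, not a complete one) with a Shannon-entropy filter so that obvious placeholders such as "changeme" are not reported. The sample file it scans is constructed inline; the AWS value is the example key from AWS documentation, and the GitHub and generic token values are made up.

```python
import math
import re
from typing import Dict, List, Tuple

# Hypothetical sample of credential formats. AWS access key IDs start with
# "AKIA" followed by 16 upper-case alphanumerics; GitHub personal access
# tokens start with "ghp_" followed by 36 alphanumerics. The generic rule
# catches "api_key = ..." style assignments and is then filtered by entropy.
PATTERNS: Dict[str, re.Pattern] = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "generic_api_key": re.compile(
        r"""(?i)\b(?:api[_-]?key|secret|token)\b\s*[:=]\s*['"]?([A-Za-z0-9_\-]{20,})"""
    ),
}

# Constructed sample file; every value below is fake or a documented example.
SAMPLE = """\
# constructed sample file, values are fake
DB_HOST = "db.internal.example"
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
api_key = "changeme_changeme_changeme"
GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz
token: "q7Zx9Lm2Vp4Rt8Wn1Hc6Ks3Jd5Bf0Gy"
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character: random keys score high, words score low."""
    if not s:
        return 0.0
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(secret: str) -> str:
    """Keep only the first and last four characters so findings can be logged safely."""
    return secret[:4] + "..." + secret[-4:]


def scan_text(text: str, min_entropy: float = 3.5) -> List[Tuple[int, str, str]]:
    """Return (line number, rule name, redacted value) for each likely credential.

    Signature rules are reported unconditionally; the generic rule only fires
    when the captured value has at least `min_entropy` bits per character,
    which drops placeholders and ordinary words.
    """
    findings: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                candidate = m.group(1) if m.groups() else m.group(0)
                if name == "generic_api_key" and shannon_entropy(candidate) < min_entropy:
                    continue  # looks like a word or placeholder, not a key
                findings.append((lineno, name, redact(candidate)))
    return findings


if __name__ == "__main__":
    for lineno, rule, value in scan_text(SAMPLE):
        print(f"line {lineno}: {rule} -> {value}")
```

Run as a pre-commit hook or in CI, a scanner like this fails the build when `scan_text` returns anything; the redacted form keeps the finding useful in a log without copying the secret into yet another place. Entropy alone is a weak signal (long hex hashes and minified code also score high), which is why the signature rules come first and the entropy filter is applied only to the loose generic rule.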