The second half of 2023 saw an increase in Malware-as-a-Service (MaaS) infections, and a new Darktrace report identifies MaaS as the biggest threat to organizations. The 2023 End of Year Threat Report highlighted the cross-functional adaptation of many of the malware strains, combining malware loaders like remote access trojans (RATs) with information-stealing malware.
According to Darktrace researchers, these malicious tools are particularly dangerous to organizations because they can harvest data and credentials without exfiltrating files, making detection harder. The report noted that ViperSoftX, an information stealer and RAT, was known to gather privileged information such as cryptocurrency wallet addresses and passwords stored in browsers or password managers. New strains identified in 2022 and 2023 contain more sophisticated detection evasion techniques and capabilities.
The report also noted that Black Basta ransomware was spreading the Qbot banking trojan for credential theft. The most commonly observed MaaS tools in investigated threats during the period from July to December 2023 were malware loaders (77%), cryptominers (52%), botnets (39%), information-stealing malware (36%), and proxy botnets (15%).
Furthermore, the report highlighted an uptick in Ransomware-as-a-Service (RaaS) attacks in 2023, marking a shift away from conventional ransomware. This was attributed to the dismantling of the Hive ransomware group by law enforcement in January 2023, leading to an increased proliferation of the ransomware marketplace. Darktrace predicted that more ransomware actors will utilize multi-functional malware for double and triple extortion tactics next year, as the MaaS and RaaS ecosystems continue to grow, lowering the barrier to entry for cybercriminals.
Another emerging trend noted in the report was the use of generative AI tools by threat actors to craft more convincing phishing campaigns, increasing the effectiveness of email attacks. Last year, 65% of phishing emails observed successfully bypassed Domain-based Message Authentication, Reporting and Conformance (DMARC) verification checks, while 58% of these messages passed through all security layers. Hanah Darley, Director of Threat Research at Darktrace, commented on the significant development and evolution of malware and ransomware threats, as well as changing attacker tactics and techniques resulting from innovation in the tech industry, including the rise in generative AI.
She added, “Against this backdrop, the breadth, scope, and complexity of threats facing organizations has grown significantly.” This highlights an alarming trend where threat actors are becoming increasingly sophisticated in their tactics, making it crucial for organizations to stay ahead of these evolving threats to protect their data and digital assets. As the threat landscape continues to develop, organizations must also adapt and enhance their cybersecurity measures to ensure resilience against these advanced and multifaceted attacks.