The escalation of cyber threats has reached new heights, with malicious actors deploying advanced tactics to exploit vulnerabilities and avoid detection, as reported by Darktrace. The use of subscription-based tools like Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) has made it easier for less experienced attackers to carry out complex, multistage attacks.
Nathaniel Jones, Director of Strategic Threat and Engagement at Darktrace, emphasized that while new threats are emerging, many attacks are still carried out by familiar actors using known techniques and malware variants. The persistence of MaaS and RaaS service models, alongside newer threats like Qilin ransomware, underscores the need for adaptive, machine learning-powered security measures to keep pace with the evolving threat landscape.
Cybercrime-as-a-service, particularly MaaS and RaaS tools, continues to dominate the threat landscape. Groups like LockBit and Black Basta provide attackers with pre-made malware and phishing email templates, lowering the technical bar for entry into cybercriminal activities. The adaptive nature of MaaS strains, capable of changing tactics from one campaign to the next, highlights the importance of AI-driven security measures for detecting anomalous activity in real time.
The report identified common threats from January to June 2024, including information-stealing malware, Trojans, Remote Access Trojans (RATs), botnets, and loaders. Additionally, the emergence of new threats like Qilin ransomware, which employs sophisticated tactics to bypass security measures, was noted.
Double extortion has become prevalent among ransomware strains, with Akira, LockBit, and Black Basta among those using the tactic. Phishing also remains a significant threat, with a high percentage of phishing emails successfully bypassing verification checks and existing security layers.
Researchers observed an increase in attackers using legitimate third-party services and sites, like Dropbox and Slack, to blend in with network traffic. Covert command and control mechanisms, such as remote monitoring and management tools, were also on the rise.
Darktrace raised concerns about the mass exploitation of vulnerabilities in edge infrastructure devices, which can be used as a launching pad for further malicious activities. It is crucial for organizations to stay vigilant and address existing attack trends and vulnerabilities, as attackers may revert to previously dormant methods.
In conclusion, the evolving cyber threat landscape requires organizations to adopt adaptive security measures and remain proactive in defending against sophisticated and persistent threats. The use of AI-driven technologies and awareness of common attack tactics are essential in mitigating the risks posed by cybercriminals.

