Despite the series of malicious cyber attacks witnessed in 2023, with a number of new trends and tactics in the campaigns, one of the breaches that stood out was the breach of the file transfer service MOVEit.
In a new report published by ESET, it was revealed that in addition to its extensive effects, the MOVEit hack was significant since its perpetrators, Cl0p, did not use any ransomware.
The campaign leaked the stolen data from victim organizations on a public website-another example of a novel tactic used by cybercriminals.
The infamous ALPHV/BlackCat ransomware gang, who were also active this year, were also seen adopting this strategy.
Emerging Trends ESET, in its report, notes that because of the scale at which the MOVEit hack transpired, it was probably too much effort for Cl0p to encrypt each victim it captured.
ESET cites data from Emsisoft, which projects that there will be more than 2,600 impacted organizations after six months.
These victims ranged from government agencies, schools and healthcare, to major organizations like Sony and PricewaterhouseCoopers.
Another emerging tactic adopted by cybercriminals was using AI tools in their attack campaigns, taking into account the boom in technology in 2023 and the wake of ChatGPT's public release in November 2022.
Several campaigns have utilized AI tools like ChatGPT and spoofing domains that sound similar to ChatGPT. These domains include web applications that compromise user privacy by using the OpenAI API keys unsafely.
The Lumma hacker, who was extremely successful at stealing cryptocurrency wallets, was another phenomenon of the year.
It alone accounted for 80% of detections in this industry and caused a 68% increase in crypto theft this year.
The Lumma malware has been collecting login credentials and other data; between H1 and H2 2023, the total number of Lumma detections tripled.
The infamous Megacart threat, which has been a concern to retailers since 2015, still remains persistent and has developed into a stronger threat this year.
It inserts code into insecure websites in order to collect user data, including credit card numbers.
There was a 343% increase in detections between 2021 and 2023.
This Cyber News was published on www.cysecurity.news. Publication date: Sun, 24 Dec 2023 13:58:05 +0000