Trend Micro Blocks 18 million Email Threats in 2023
https://techeconomy.ng/trend-micro-blocks-18-million-email-threats-in-2023/
Fri, 24 May 2024 15:17:25 +0000

Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, has revealed that it blocked around 18 million email threats, almost two million malicious URLs and over four million malicious mobile apps targeted at Nigerian businesses and consumers between January and December 2023.

This comes as threat actors move away from big-batch attacks to focus on a narrower range of more lucrative targets.

These new patterns in the cybercrime landscape are highlighted in the Trend Micro 2023 Annual Cybersecurity Report, which presents highlights from the company’s telemetry covering the broadest attack surface view across millions of commercial and consumer clients.

“Our latest data shows that threat actors are fine-tuning their operations, shifting away from large-scale attacks, and instead focusing on a smaller range of targets but with higher victim profiles for maximum gain with minimum effort. As they continue to double down on tried and tested techniques, they are also delegating and streamlining operations — resulting in bolder, more effective strikes,” says Gareth Redelinghuys, country managing director, African Cluster at Trend Micro.

Attacks focused on substance over quantity are more difficult to block

Though thousands of ransomware attacks were blocked by Trend Micro in Nigeria in 2023, year-on-year research shows that ransomware groups are working smarter instead of harder, prioritising high-value targets over volume.

There has been a general downward trend in ransomware detections, with worldwide detections from 2021 to 2023 averaging less than half of the recorded detections in 2020; however, this should not be misconstrued as a cue for security operations centres and decision-makers to lower their guards.

Historically, ransomware attacks were launched in “bulk,” such as spam campaigns with malicious links, but attacks that focus on quantity can more easily be blocked.

What’s more, a continued increase in Trojan FRS threat detections globally could suggest that attackers are using more effective ways to evade preliminary detection by focusing on arrival and defense evasion techniques. Examples of this include Living-Off-The-Land Binaries and Scripts.

Because these computer files are non-malicious in nature and local to the operating system, they can be used by threat actors to camouflage their attacks.

Last year, several ransomware families across the world were also observed maximising remote and intermittent encryption, as well as abusing unmonitored virtual machines to bypass Endpoint Detection and Response.

Because there is less content used during intermittent encryption, for example, there is less chance of triggering detection.

Gangs are also launching bolder attacks. Prolific groups were some of the most active in 2023: Clop exploited major vulnerabilities, and BlackCat launched a new variant while also making its extortion public, leveraging the U.S. Securities and Exchange Commission’s four-day disclosure requirement to incentivise its victim to communicate with the group more quickly.

Email threats – attackers are using more sophisticated ways to avoid detection

This trend towards threat actors opting for quality over quantity is equally present in the patterns observed around email threats.

Though email threat detections in Nigeria decreased from more than 45 million in 2021 to 18 million in 2023, the increase in malware detection count over the same period suggests a shift in the threat landscape that finds attackers making use of more sophisticated ways to avoid detection.

Trend Micro’s data also shows a slight decrease in malicious URL detection in Nigeria from 2021 to 2023, indicating that instead of focusing on malicious links to randomly victimise users, criminals are using more targeted operations, such as BEC schemes, where emails are less likely to undergo scrutiny because of how legitimate they look.

Instead of launching attacks on a wider range of users and relying on victims clicking on malicious links in websites and emails, more sophisticated attacks are launched using specificity to trick a narrower field of high-profile victims.

This also allows them to bypass early detection layers like network and email filters.

AI-powered phishing attempts are more convincing than ever

Over the course of 2023, AI showed great promise in social engineering attempts globally: its automation proved most useful in mining datasets for actionable information, while generative AI has made phishing on a mass scale virtually effortless with error-free and convincing messages.

The use of generative AI in phishing attempts is already branching beyond emails and texts to include persuasive audio and video ‘deepfakes’ for an even more business-affecting threat.

Imagine a company that requires live voice authorisation for purchases above a million dollars, for example.

An attacker could send a real-seeming email request with a rigged phone number embedded and answer the confirmation call with a deepfaked voice to validate the transaction.

These new tactics introduce the possibility of everything from stock market manipulations to democratic or wartime disinformation campaigns, or smear attacks on public figures.

The barriers to entry for techniques like these have fallen away radically with the rise of readily available app-style interfaces like HeyGen. Cybercriminals with no coding knowledge or special computing resources can produce customised high-resolution outputs that are humanly undetectable.

“Looking at the overall trend in decreasing ransomware threats, it might be tempting for local organisations to develop a false sense of security and lower their defenses. However, our research shows that these increasingly sophisticated attacks are going to become more and more difficult for businesses to detect and that they will be increasingly costly when they succeed. IT leaders must refine their processes and protocols to enable their defenses to combat persistence with efficiency,” concludes Zaheer Ebrahim, Solutions Architect, Middle East and Africa at Trend Micro.

Cybersecurity Awareness Month – A Warding off of Ransomware Post-Digitization Threat
https://techeconomy.ng/cybersecurity-awareness-month-a-warding-off-of-ransomware-post-digitization-threat/
Tue, 24 Oct 2023 14:48:15 +0000
Prof. Ojo Emmanuel Ademola 

As the digitalization era prevails globally, Information Technology (IT) has never been more significant and, as such, is a top element for aspiring and successful businesses.

Essentially, it is of great importance now, and it continues to excel more than at any time before.

As the world, particularly the global south nations, slowly responds to issues like the existential threat of Artificial Intelligence (AI) to humanity and the question of owning the data within the contextual usage of AI and Data Analytics, new threats are emerging in even greater proportion in the post-digitalization era (PDE).

The most recently released Elastic Global Threat Report came up with a dreadful outcome. It is an apt indication that Linux-based signature events increased from 54.5% last year to 91.2% of all signature telemetry.

The most recent investigation by Elastic Security Labs observed 104 unique signatures, showing that most of the malware was made up of a few highly prevalent ransomware families: Gafgyt, Frp, Meterpreter, and BlackCat.

Additionally, more than 33% of all malware samples delivered to endpoints were related to financially motivated threats.

Ransomware families generally cluster around the output of a particular group or set of malicious actors that use a distinct pattern of techniques, tactics, and procedures (TTPs). Identifying these families with specific names or codenames is important for tracking the development of Ransomware families over the long term and for attribution purposes.

In other words, to get ready for Ransomware, security teams need to find out more about the most active families.

All known signatures related to Ransomware families have capabilities that have been documented extensively by security researchers around the world, and they remain persistently hazardous to most large IT infrastructures.

The trend correlates with attainability, which has more to do with the overall performance and/or adoption of Linux-based infrastructure than with threat priorities.

It may also exploit experts’ visibility of Linux-based malware infections, which has been estimated to have risen to about 59.8%. In other words, the conscious effects of new threats also require an urgent response to those introduced new threats.

Ransomware is one such threat – it’s growing and it threatens the very existence of corporations within the digital spaces.

A rolling of economic solutions via digitalization particularly in the global south nations could not but join in the global 20th celebration of Cyber Security Awareness month and thus the modest intervention to examine Ransomware from an awareness perspective as things stand.

Essentially, October 2023 is the 20th Cybersecurity Awareness Month, a time for concentrating on security solutions to secure your IT and business technological infrastructures.

Given the nature of the threat landscape, much has been written about hardening enterprises against the danger of Ransomware, but what about safeguarding the supply chains of high-yielding business enterprises?

In a perfect world, each supplier has a robust security programme, solid Ransomware protection, and strong resilience measures in place. Sadly, as we have learned in the face of different threats, this isn’t true.

Dreadfully, the rise in cybersecurity incidents is clearly evident among African countries, with appreciable breach peculiarities, and is advancing even in the global north nations.

In the second quarter of 2023, Africa experienced the highest average number of cyberattacks per week per organization, with a 23% increase compared to the same period in 2022. Ransomware contributed over 85% to such cyberattacks triggering data.

Quickly, permit me to say why I divert away from addressing this year’s celebration subject of securing your privacy via password to the subject of Ransomware.

Password mechanism is as old as digitalization itself, and personal and organizational maturity in determining a strongly fortifying password for individuals and businesses are indeed essentially typifying the privacy equations of a system and the associated business culture.

For instance, the recognition of strong passwords remains an active point for businesses and individuals to be part of the chain mechanism to protect the end users as well as the systems.

It is now a lifeline to develop a strong attitude towards strong passwords, which must be as long as permitted, random, unique, and include all four character types (uppercase, lowercase, numbers, and symbols).

Concurrently, password managers are a robust tool that enables businesses and individuals to create strong passwords for every account within their communication systems, even with the accentuation of the Bring Your Own Device (BYOD) phenomenon.

If the need for a strong password has solved the security problems, why the advocacy that businesses and individuals need more than a password to protect online accounts and other associated infrastructures just to make you and your business significantly less likely to get hacked?

Essential here is the fast-evolving need for two-factor authentication on all online accounts that offer it, especially email, social media, and financial accounts.

Undoubtedly, yes, because of remote bad guys and internal collaborations for fraudulent activities that now become the emerging new threats, there is a very urgent awareness of the upping notion to keep someone or something away or prevent something from happening or harming organization tech infrastructures.

When considering Ransomware from two perspectives of the IT and the law enforcement responses, the warding off becomes centrally the winning pot to firmly secure both individual’s and corporations’ IT infrastructures and indeed organisation culture and tech profitability standards.

Several surveys of the activity of security signatures are steadily on the exponentially abrupt rise, showing Ransomware attacks on business and government infrastructures are in ever-increasing peril.

Also, Ransomware is now rated a Tier 1 threat in most Western nations, as it remains an ever-emerging national security threat with attacks against businesses and the public sector increasing.

The trending subject is nothing other than the urgency of warding off Ransomware attacks. The fortification side of security should not in any way discount prevention. Survey outcomes support the argument that systems can be protected from Ransomware attacks.

Nonetheless, it is worth underlining that comprehensive antivirus and anti-malware software are the most common ways to defend against Ransomware. They can examine instantaneously, scan satisfactorily, detect sufficiently, and respond effectively to cyber threats.

Further, backup records, that is, backup files, ought to be properly secured and stored disconnected from the internet or out-of-band, so they can’t be targeted by assailants.

Utilizing cloud services could help relieve a Ransomware infection, as many hold past versions of files, permitting you to move back to an unencrypted version.

Simply, backup files should be suitably safeguarded and stowed offline or out-of-band, so they can’t be targeted by attackers. The use of cloud services could help mitigate a Ransomware infection, as many retain previous versions of files, allowing you to roll back to an unencrypted version.

There are relevant controls, as security best practices call for, to centrally avert Ransomware assaults or any such fast-emerging dangers. It implies that defending against or averting Ransomware demands a comprehensive, all-hands-on-deck approach that unites the whole corporation’s defence mechanism against malicious assaults of any sort.

Such a system should involve maintaining backups thoughtfully; creating plans and policies adaptable enough to stay at least a step ahead of any assault; reviewing port settings and keeping them current when working in cloud environments; hardening all endpoints during configuration; keeping systems up to date automatically; and providing robust internal training and development for security personnel, security awareness training at induction for all new staff, and perhaps a weekly webinar on your strategy to avert or stop Ransomware in its tracks.

Simply, applicable controls are available for security best practices to centrally ward off Ransomware attacks or any such fast-emerging threats. It means defending against or warding off Ransomware demands a holistic, all-hands-on-deck technique that brings together the entire organization’s defence mechanism against malicious attacks of any kind.

Such a strategy must entail maintaining backups thoughtfully; developing plans and policies adaptable enough to always be at least a step ahead of any attacks; reviewing port settings and maintaining their current status when working in cloud environments; hardening all endpoints during configuration; keeping systems up to date automatically; robust internal training and development of security staff; and providing security awareness training at induction to all new staff, and perhaps a weekly webinar on your strategy to ward off and/or stop Ransomware in its tracks.

A central warding-off system is the implementation of an Intrusion Detection System (IDS) that looks for malicious activity by comparing network traffic logs to signatures that detect known malicious activity.

A robust IDS will update signatures often and alert the business quickly if it detects potential malicious activity.

Decisively, when Ransomware strikes, companies should be notified and should investigate rapidly. Data show that it ought to take mature organizations no more than 10 minutes to investigate an intrusion.

Notwithstanding, just 10% of organizations can meet this benchmark in practice. Regardless, there is prompt assistance for organizations impacted by Ransomware to investigate within the twinkling of an eye or go from event detection to notification within six minutes of malicious activity.

In conclusion, there is immediate help for organizations affected by Ransomware to investigate within the twinkling of an eye or go from event detection to notification within six minutes of malicious activity.

Taking all control is essentially central to the continuing performance of your business and even the public sector to guarantee the continuous existence of the business and endure the pathway to sustainable development with high profitability.

Luna in Rust: New Ransomware Group Emerges | 5 Recommendations for Businesses
https://techeconomy.ng/luna-in-rust-new-ransomware-group-emerges-5-recommendations-for-businesses/
Thu, 21 Jul 2022 07:41:52 +0000

Kaspersky researchers have uncovered a new ransomware group that further underlines the trend of ransomware actors turning to cross-platform functionality.

The group, dubbed Luna, employs the use of ransomware written in Rust, a programming language that has been previously used by BlackCat and Hive gangs, among others. It allows them to easily port malware from one operating system to another.

This discovery, among others, is part of the recent crimeware report available on Securelist by Kaspersky.

Luna deploys malware written in Rust – its cross-platform capabilities allow the group to aim at Windows, Linux and ESXi systems all at once.

The advertisement on the dark web, spotted by Kaspersky, states that Luna only works with Russian-speaking affiliates.

Moreover, the ransom note hardcoded into the binary contains some spelling mistakes – driving towards the conclusion that the group might be Russian-speaking. 

Since Luna is a newly discovered group, there’s still little data on its victimology – but Kaspersky are actively following Luna’s activity.

Luna underlines the recent trend for cross-platform ransomware, with languages like Golang and Rust being heavily implemented by modern ransomware gangs in the past year.

Notable examples include BlackCat and Hive, the latter using both Go and Rust. These languages are platform independent, so ransomware written in them can be easily ported from one platform to another. The attacks can then be aimed at multiple operating systems at the same time.

Another investigation recently conducted by Kaspersky provides deeper insight into ransomware actor Black Basta’s activity.

This group executes a new ransomware variant written in C++ which first came to light in February 2022. Since then, Black Basta has managed to attack more than 40 victims, mainly in the United States, Europe and Asia.

As Kaspersky’s investigation has shown, both Luna and Black Basta are targeting ESXi systems, as well as Windows and Linux, which is yet another ransomware trend of 2022.

ESXi is a hypervisor that can be used independently on any operating system. Since many enterprises have migrated to virtual machines based on ESXi, it has become easier for the attackers to encrypt the victims’ data.

“The trends we outlined earlier this year seem to be gaining steam. We see more and more gangs using cross-platform languages for writing their ransomware. This enables them to deploy their malware on a variety of operating systems. The increased attacks on ESXi virtual machines are alarming and we expect more and more ransomware families to deploy the same strategy,” comments Jornt van der Wiel, a security expert at Kaspersky.

To protect yourself and your business from ransomware attacks, consider following these rules proposed by Kaspersky:

1. Do not expose remote desktop services (such as RDP) to public networks unless absolutely necessary and always use strong passwords for them.

2. Focus your defense strategy on detecting lateral movements and data exfiltration to the Internet. Pay special attention to the outgoing traffic to detect cybercriminals’ connections.

3. Use solutions such as Kaspersky Endpoint Detection and Response Expert and Kaspersky Managed Detection and Response which can help to identify and stop the attack in its early stages, before the attackers reach their final goals.

4. To protect the corporate environment, educate your employees. Dedicated training courses can help, such as the ones provided in the Kaspersky Automated Security Awareness Platform.

5. Use the latest Threat Intelligence information to stay aware of actual TTPs used by threat actors. The Kaspersky Threat Intelligence Portal provides a single point of access for Kaspersky’s TI, providing cyberattack data and insights gathered by our team over 25 years.

To help businesses enable effective defenses in these turbulent times, Kaspersky has announced access to independent, continuously updated and globally sourced information on ongoing cyberattacks and threats, at no charge. 
