Phishing attacks lead as a primary threat vector

Phishing attacks increased 62% over the last year, recently leveraging corporate tools like Microsoft OneNote, and continue to be the leading vector for threats.

Securonix, Inc., a Next-Gen SIEM, launched its 2023 Threat Report, which comprises the latest threat intelligence from Securonix, including Autonomous Threat Sweeper (ATS) scans of historical and current data for indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs). The report provides a 12-month retrospective, from June 2022 to June 2023, of the threats and vulnerabilities identified and analyzed by Securonix. These include threats detected in the wild, threats identified in environments, threat vectors such as TTPs and IoCs, and the top data sources for threats.

Nearly 1,600 threats were identified by ATS over the past year, with September 2022 being the most active month at 148 threats. These threats included LockBit 3.0, Graphite malware, Shikitega malware, the Ares banking trojan, and FIN11/TA505. LockBit 3.0 emerged as one of the most prolific and dangerous ransomware strains in the last 12 months, wreaking havoc on organizations worldwide. It continues to evolve rapidly, targeting businesses across various industries with its advanced encryption techniques.

Over the past 12 months, 541 threats have been identified in environments across various industries, sizes, and geographies. The top three most prolific threats identified across environments were vacation-related phishing emails, SSH honeypot activity, and RAT tools. Organizations are witnessing an uptick in vacation request phishing emails (a 25% increase over the past year), which, when successful, can result in significant financial losses, data breaches, and irreparable reputational damage. SSH honeypots, decoy servers set up to attract and monitor malicious activity, were seen across more environments than any other threat in the past year. An increased distribution of remote access trojan (RAT) tools on public sites, such as GitHub, poses significant cybersecurity concerns.

Harshil Doshi, Country Manager (India and SAARC) at Securonix, said, “Securonix Threat Report 2023 is a yearly advisory document curated for cybersecurity professionals worldwide highlighting the trends around cyber threats. For 2023 some distinct highlights around the surge in vacation-request phishing campaigns, which revealed how scammers deploy social engineering tactics, are unnerving. The LockBit 3.0 ransomware, in particular, caused havoc in India, compromising 600 GB of sensitive data. Our threat research team also uncovered an interesting new attack campaign called the STARK#MULE, in which attackers use U.S. military-related documents to lure victims and run malware staged from legitimate compromised Korean eCommerce websites. Therefore, organizations and individuals must exercise caution when handling email attachments, maintain up-to-date software, and implement security training and awareness programs.”
