New research from Trend Micro shows cyberattacks relied on substance over size in 2023
Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, has revealed that it blocked around 18 million email threats, almost two million malicious URLs and over four million malicious mobile apps targeted at Nigerian businesses and consumers between January and December 2023. This comes as threat actors deviate from big-batch attacks to focus on a narrower range of more lucrative targets.
These new patterns in the cybercrime landscape are highlighted in the Trend Micro 2023 Annual Cybersecurity Report, which presents highlights from the company’s telemetry covering the broadest attack surface view across millions of commercial and consumer clients.
“Our latest data shows that threat actors are fine-tuning their operations, shifting away from large-scale attacks, and instead focusing on a smaller range of targets but with higher victim profiles for maximum gain with minimum effort. As they continue to double down on tried and tested techniques, they are also delegating and streamlining operations — resulting in bolder, more effective strikes,” says Gareth Redelinghuys, Country Managing Director, African Cluster at Trend Micro.
Attacks focused on substance over quantity are more difficult to block
Though thousands of ransomware attacks were blocked by Trend Micro in Nigeria in 2023, year-on-year research shows that ransomware groups are working smarter instead of harder, prioritising high-value targets over volume.
There has been a general downward trend in ransomware detections, with worldwide detections from 2021 to 2023 averaging less than half of the recorded detections in 2020; however, this should not be misconstrued as a cue for security operations centres and decision-makers to lower their guard. Historically, ransomware attacks were launched in “bulk,” such as spam campaigns with malicious links, but attacks that focus on quantity can more easily be blocked.
What’s more, a continued increase in Trojan FRS threat detections globally could suggest that attackers are using more effective ways to evade preliminary detection by focusing on arrival and defense evasion techniques. Examples of this include Living-Off-The-Land Binaries and Scripts. Because these computer files are non-malicious in nature and local to the operating system, they can be used by threat actors to camouflage their attacks.
Last year, several ransomware families across the world were also observed maximising remote and intermittent encryption, as well as abusing unmonitored virtual machines to bypass Endpoint Detection and Response. Because less content is encrypted during intermittent encryption, for example, there is less chance of triggering detection.
Gangs are also launching bolder attacks. Prolific groups were some of the most active in 2023: Clop exploited major vulnerabilities, and BlackCat launched a new variant while also making its extortion public, leveraging the U.S. Securities and Exchange Commission’s four-day disclosure requirement to incentivise its victim to communicate with it more quickly.
Email threats – attackers are using more sophisticated ways to avoid detection
This trend towards threat actors opting for quality over quantity is equally present in the patterns observed around email threats. Though email threat detections in Nigeria decreased from more than 45 million in 2021 to 18 million in 2023, the increase in malware detection count over the same period suggests a shift in the threat landscape that finds attackers making use of more sophisticated ways to avoid detection.
Trend Micro’s data also shows a slight decrease in malicious URL detection in Nigeria from 2021 to 2023, indicating that instead of focusing on malicious links to randomly victimise users, criminals are using more targeted operations, such as BEC schemes, where emails are less likely to undergo scrutiny because of how legitimate they look.
Instead of launching attacks on a wider range of users and relying on victims clicking on malicious links in websites and emails, more sophisticated attacks are launched using specificity to trick a narrower field of high-profile victims. This also allows them to bypass early detection layers like network and email filters.
AI-powered phishing attempts are more convincing than ever
Over the course of 2023, AI showed great promise in social engineering attempts globally: its automation proved most useful in mining datasets for actionable information, while generative AI has made phishing on a mass scale virtually effortless with error-free and convincing messages. The use of generative AI in phishing attempts is already branching beyond emails and texts to include persuasive audio and video ‘deepfakes’ for an even more business-affecting threat.
Imagine a company that requires live voice authorisation for purchases above a million dollars, for example. An attacker could send a real-seeming email request with a rigged phone number embedded and answer the confirmation call with a deepfaked voice to validate the transaction. These new tactics introduce the possibility of everything from stock market manipulations to democratic or wartime disinformation campaigns, or smear attacks on public figures.
The barriers to entry for techniques like these have fallen away radically with the rise of readily available app-style interfaces like HeyGen. Cybercriminals with no coding knowledge or special computing resources can produce customised high-resolution outputs that are humanly undetectable.
“Looking at the overall trend in decreasing ransomware threats, it might be tempting for local organisations to develop a false sense of security and lower their defenses. However, our research shows that these increasingly sophisticated attacks are going to become more and more difficult for businesses to detect and that they will be increasingly costly when they succeed. IT leaders must refine their processes and protocols to enable their defenses to combat persistence with efficiency,” concludes Zaheer Ebrahim, Solutions Architect, Middle East and Africa at Trend Micro.
About Trend Micro
Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro’s cybersecurity platform protects hundreds of thousands of organisations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimised for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organisations to simplify and secure their connected world. www.TrendMicro.com.