Our annual analysis of the most notorious malware has arrived. As always, it covers the trends, malware groups, and tips for how to protect yourself and your organization.
This post covers highlights of our analysis, including the rise of ransomware as a service (RaaS), the six nastiest malware groups, and the role of artificial intelligence in both cybersecurity and cyberthreats.
Malware Shifts to RaaS
To say cybercriminals have come a long way since their humble beginnings — when floppy disks were used to spread malware infections — is an understatement. Their tactics have evolved significantly over the years, with ransomware now the malware of choice for cybercriminals.
The allure of ransomware is not surprising given the combination of financial gains and potential for anonymity. Never satisfied in their quest to scale operations and increase revenue potential, criminal actors have shifted their focus to a relatively new “business model” that is proving very successful — ransomware-as-a-service (RaaS). By removing the technical barriers for prospective affiliates, RaaS makes it easy for big players to grow their “enterprise.”
Who Made The Malware List?
Topping 2023's nastiest malware is CI0p. This ransomware group made a name for itself with the MOVEit campaign, which drove up the average ransom payment to nearly three-quarters of a million dollars. To date, this campaign is known to have impacted more than 1,150 organizations and over 60 million individuals, putting its global cost at close to $11 billion.
Also on the list are four new ransomware gangs — Black Cat, Akira, Royal, and Black Basta — believed to be the next generations of previous big players. They join a familiar name on the list, Lockbit.
We ranked these six malware groups accordingly:
An Intelligent Future: Artificial Intelligence and Machine Learning
For six years, the OpenText Cybersecurity threat intelligence team has witnessed a steady increase in the number and sophistication of malware attacks, which show no signs of slowing down. Threat actors are creative and resourceful in their attempts to trick users and exploit software and computer vulnerabilities. And while the use of AI and ML in cybersecurity is still in its early stages, it is rapidly evolving. This is good and bad news.
AI and ML have the potential to make the world a safer place, but they could also be used for malicious purposes. Rather than taking a wait-and-see approach, businesses of every size must take steps to protect themselves and mitigate the risks.
Guest blog courtesy of OpenText Cybersecurity. Author Tyler Moffitt is senior security analyst at OpenText Cybersecurity. Read more OpenText news and blogs here. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.
