Phishing attacks continue to lead as a primary threat vector with a 62% increase over the last year: Securonix 2023 Threat Report
Securonix Threat Report 2023 key highlights:
Phishing attacks increased 62% over the last year, recently leveraging corporate tools like Microsoft OneNote, and continue to be the leading vector for threats.
The number of vacation-related phishing attacks grew by 25% compared to the previous 12-month period.
Threats identified in the wild increased by an average of 32% per month year-over-year while threats identified in environments went up by 25% during that same period.
The average number of TTPs and IoCs identified per month increased by 14% compared to the previous period.
Securonix, Inc., a leader in Next-Gen SIEM, today launched its 2023 Threat Report, which comprises the latest threat intelligence from Securonix, including Autonomous Threat Sweeper (ATS) scans of historical and current data for indicators of compromise (IoCs) and tactics, techniques and procedures (TTPs). The report provides a 12-month retrospective, from June 2022 to June 2023, of the threats and vulnerabilities identified and analyzed by Securonix. These include threats detected in the wild, threats identified in environments, threat vectors such as TTPs and IoCs, and the top data sources for threats.
Nearly 1,600 threats were identified by ATS over the past year, with September 2022 being the most active month at 148 threats. These threats included LockBit 3.0, Graphite malware, Shikitega malware, Ares banking trojan, and FIN11/TA505. LockBit 3.0 emerged as one of the most prolific and dangerous ransomware strains in the last 12 months, wreaking havoc on organizations worldwide. It continues to evolve rapidly, targeting businesses across a variety of industries with its advanced encryption techniques.
Over the past 12 months, 541 threats have been identified in environments across a wide range of industries, sizes, and geographies. The three most prolific threats identified across environments over the past year were vacation-related phishing emails, SSH honeypot activity, and RAT tools. Organizations are witnessing an uptick in vacation request phishing emails (25% increase over the past year), which, when successful, can result in significant financial losses, data breaches, and irreparable reputational damage. SSH honeypots, which are decoy servers set up to attract and monitor malicious activity, were seen across more environments than any other threat in the past year. There was an increased distribution of remote access trojan (RAT) tools on public sites, such as GitHub, which poses significant cybersecurity concerns.
Harshil Doshi, Country Manager (India and SAARC) at Securonix, said, “Securonix Threat Report 2023 is a yearly advisory document curated for cybersecurity professionals across the world highlighting the trends around cyber threats. For 2023 some distinct highlights around the surge in vacation-request phishing campaigns which revealed how scammers deploy social engineering tactics is unnerving. The LockBit 3.0 ransomware, in particular, caused havoc in India compromising 600 GB of sensitive data. Our threat research team also uncovered an interesting new attack campaign called the STARK#MULE, in which attackers use U.S. military-related documents to lure victims and run malware staged from legitimate compromised Korean eCommerce websites. Therefore, organizations and individuals must exercise caution when handling email attachments, maintain up-to-date software, and implement security training and awareness programs.”
About Securonix
Securonix is leading the evolution of SIEM for today’s hybrid cloud, data-driven enterprises. Securonix Unified Defense SIEM provides organizations with the first and only content-driven threat detection, investigation and response (TDIR) solution built with a highly scalable data cloud and a unified experience from the analyst to the CISO. The innovative cloud-native solution enables organizations to scale up their security operations and keep up with evolving threats.