Botnets Evolve as Malware Increases and Exploits Skyrocket in 2023

Nuspire’s Latest Cyber Threat Report Spotlights BlackBasta’s Rapid Expansion 

COMMERCE, MI (Jan. 31, 2024) Nuspire, a leading managed security services provider (MSSP), today unveiled its Q4 and Full-Year 2023 Cyber Threat Report. The report provides an in-depth look at the latest trends in malware, botnets, exploits and ransomware, painting a comprehensive picture of the current state of cybersecurity threats. 

The report documents a 187% explosion in exploit activity for the year, buoyed by the widespread use of Secure Shell (SSH) brute forcing and a marked rise in the use of Web Server Password File Access. Botnet activity grew 25% year-over-year, with Torpig Mebroot comprising 56% of all botnet detections in 2023. Conversely, malware dropped 27% from 2022; however, ransomware extortion publications grew nearly 18%, with LockBit, CL0P, ALPHV and BlackBasta driving the most activity.  

“The rise of BlackBasta ransomware, the persistence of botnets like Torpig Mebroot and the shift in exploit tactics all underscore the adaptability of threat actors. What we’re seeing is not just an increase in activity, but a refinement of methods,” said J.R. Cunningham, Chief Security Officer at Nuspire. “Cybersecurity is not a static field; it requires continuous adaptation and vigilance. With the rise in tools like AI used for malicious purposes, it’s crucial that organizations not only strengthen their defenses, but also remain agile and responsive by employing a multi-pronged defense strategy, rigorous patching and continuous security monitoring.” 

Additional findings from Nuspire’s newly-released cyber threat report include: 

• In Q4 alone, exploits increased by 132.91%. There was a significant shift in threat actor tactics, with a marked rise in the use of Web Server Password File Access, an information disclosure exploit. This exploit saw a steady increase each quarter of the year, culminating in a 133.21% increase since Q1. 
• While malware decreased year-over-year, it saw a significant surge in Q4, increasing by 89%, with JavaScript phishing variants dominating the activity.  
• Ransomware remained a critical threat throughout the year, with BlackBasta ransomware’s activity escalating by 353.66% in Q4, making it the second most active ransomware operator for the quarter, and the fourth most active for the year.  
• Botnets saw a 25% year-over-year increase in activity, with Torpig Mebroot comprising 56% of all botnet detections in 2023. However, there was a noticeable uptick in the activity of other botnets like TorrentLocker, which quadrupled its activity in Q4. 

“IDC’s research has shown that cyber threats are becoming increasingly sophisticated and targeted, demanding a more dynamic and mature defense posture from organizations,” said Craig Robinson, Research VP for Security Services at IDC. “Organizations are increasingly turning to security service providers to shift their cybersecurity programs into a more cyber resilient posture in the face of evolving threats. The use cases for Generative AI are rapidly becoming apparent as the need for speed in security operations centers is needed to keep up with the advanced techniques that cyber foes are deploying on their end. This shift underscores the necessity of a proactive approach to cybersecurity, continuous risk assessments and robust governance as indispensable components for building resilience in this new era of threats.” 

To access the Q4 and Full-Year 2023 Cyber Threat Report and learn more about protecting your organization, visit Nuspire’s website.  

About Nuspire  

Nuspire is a managed security services provider (MSSP) with 25 years of expertise, offering managed security services (MSS), managed detection and response (MDR), and managed endpoint detection and response (EDR) that supports best-in-breed EDR solutions. The company also offers cybersecurity consulting services (CSC) that include incident readiness and response, threat modeling, digital forensics, technology optimization, posture assessments and more. Nuspire’s self-service, technology-agnostic platform, myNuspire, allows greater visibility into a CISO’s entire security program. The platform alleviates the pain associated with tech sprawl, provides intelligence-driven recommendations, solves for alert fatigue and helps clients become more secure over time. With a deep bench of cybersecurity experts, award-winning threat intelligence and two 24×7 security operations centers (SOCs) Nuspire is equipped to detect, respond and remediate advanced cyber threats. Nuspire’s client base spans thousands of enterprises, from midsized to large enterprises across multiple industries and geographic footprints. For more information, visit https://www.nuspire.com/ and follow the company on LinkedIn @Nuspire.  

###