Interactive Report Summary

Q4 and Full-Year 2023 Cyber Threat Report

As we usher in 2024, we reflect on a year of evolving cybersecurity trends. The final quarter of 2023 saw an 88.97% increase in malware activity, largely due to JavaScript phishing variants and malicious Word documents exploiting older vulnerabilities. However, the year witnessed a 26.84% decrease in overall activity, possibly due to Microsoft's automatic blocking of VBA agents. TorrentLocker emerged as the dominant botnet, and Apache’s Log4j remained a popular exploit tool.  

Top Findings at a Glance


Q4 saw malware activity jump 88.97%

BlackBasta ransomware exploded by 354% in Q4


Botnet activity increased 25% year-over-year

Torpig Mebroot comprised 56% of all botnet detections in 2023


Exploits exploded 187% in 2023

Web Server Password File Access increased by 42% in Q4


Ransomware Spotlight: BlackBasta

BlackBasta Ransomware, associated with QakBot malware, escalated its activity by 353.66% in Q4 2023, becoming the second most active ransomware operator. This Russian-speaking operation, suspected to be linked to Conti Ransomware, targets primarily U.S. organizations in financial services, healthcare and commercial facilities.  

Since its emergence in 2022, BlackBasta has extorted over $100 million, making it one of the most profitable ransomware strains. The data of organizations that do not pay the ransom is often sold to the highest bidder for further attacks or resale on dark web marketplaces. Unless disrupted by law enforcement, BlackBasta is expected to continue its dominance in the ransomware space. 



How Nuspire produces its threat intelligence 



Collects threat intelligence and data from global sources, client devices and reputable third parties.


Data is analyzed by a combination of machine learning, algorithm scoring and anomaly detection.


Using Nuspire’s cloud-based SIEM, log data is ingested and alerts the security operations center (SOC). The SOC then notifies the client and works with them to remediate the threat.


Analysts further scrutinize the research, scoring and tracking of existing and new threats.


Analysts leverage the insights to constantly improve the SOC, alerting, and the community through the creation of detection rules, briefs, and presentations.


Q4 2023 in Review

Q4 2023 was marked by numerous software vulnerabilities, the emergence of new malware and a rise in ransomware attacks.

Actively Exploited Zero-Day Disclosed for Atlassian’s Confluence Data Center and Server Software
GNOME Linux Systems Vulnerable to RCE Attacks Via File Download
Microsoft’s October Patch Tuesday Addresses 3 Zero-Days, 104 Vulnerabilities
Threat Actors Exploiting Critical Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
Citrix Urges Immediate Patching for Critical NetScaler Vulnerability
VMware Releases Security Updates for Critical vCenter Server RCE Vulnerability
Newly Discovered StripedFly Malware Likely Controlled by APT Group
QNAP Warns of Critical Command Injection Vulnerabilities in QTS OS and Apps
Veeam Warns of Critical Flaws Discovered in ONE IT Monitoring Software
SysAid Zero-Day Vulnerability Exploited in CL0P Ransomware Attacks
Microsoft’s November Patch Tuesday Addresses 5 Zero-Days, 58 Vulnerabilities
FBI and CISA Warn of Opportunistic Rhysida Ransomware Attacks
Google Fixes Chrome Zero-Day Vulnerability Exploited in Attacks
Russian Threat Actors Exploit Outlook Flaw to Hijack Exchange Accounts
Threat Actors Exploited Adobe ColdFusion Vulnerability to Breach Federal Agencies
Microsoft’s December Patch Tuesday Addresses 1 Zero-Day, 34 Vulnerabilities
Joint Advisory Released Regarding Play Ransomware Activity
FBI Disrupts BlackCat Ransomware Operation, Releases Decryption Tool
Barracuda Remotely Patches Newly Exploited ESG Zero-Day

Let's Dive Into the Data

Q4 malware and exploit activity explodes, with botnets and exploits escalating year-over-year. 




Malware activity jumped nearly 90% in Q4 2023, buoyed by the extensive use of JavaScript phishing variants and a surge in attacks from ransomware gangs like BlackBasta, which clocked a 354% increase in activity.




In Q4, Torpig Mebroot, a top botnet, slowed its activity down significantly, dropping nearly 60% from Q3. In contrast, TorrentLocker, a botnet that re-emerged in Q3, quadrupled its activity. Moreover, Mumblehard, a botnet that targets Linux systems, moved up to fifth place in our Top 5 Botnet list, surpassing Mirai. 




In Q4, Nuspire recorded a substantial surge in exploit activity, with a 132.91% increase primarily fueled by Secure Shell (SSH) brute forcing. A significant shift was observed in threat actor tactics, with a marked 41.64% rise in the use of Web Server Password File Access, an information disclosure exploit, compared to Q3. This exploit has seen a steady uptick each quarter of the year, culminating in a 133.21% increase since Q1. 

Stay Vigilant

Despite the varying levels of malware, botnet and exploit activity, bear in mind that just one successful breach can significantly impact your business. It's essential to maintain a clear view of your environment to defend against potential threats. As threat actors continually update their strategies, your security measures need to adapt accordingly. Always stay on guard! 

Meet Our Threat Intelligence Experts

Justin Heard
Director of Security Operations

As Nuspire's Director of Security Operations, Justin Heard is at the helm of the company's key security initiatives, encompassing incident response, threat hunting and cyber intelligence. With over 15 years of experience in cybersecurity, including roles such as threat hunter, incident commander and intelligence analyst, Justin has a deep understanding of the cybersecurity domain. His leadership is instrumental in bolstering Nuspire’s defenses and adapting to the rapidly changing landscape of cyber threats. 

Before his tenure at Nuspire, Justin enhanced his skill set in the defense sector, serving as a network administrator and security engineer. Justin has an associate degree in Computer Networking Systems from ITT Tech. 

Josh Smith
Cyber Threat Analyst

Josh is a Cyber Threat Analyst at Nuspire who works closely with organizational threat landscapes, curating threat intelligence and authoring Nuspire’s Quarterly Threat Landscape Report. Josh is currently pursuing his master’s degree in Cybersecurity Technology. Previously he served with the U.S. Navy as an Operations Specialist with 14 years of service. Josh has been quoted in Forbes, CSO Online, Channel Futures, Dark Reading, and others.