Interactive Report Summary

Q4 and Full-Year 2023 Cyber Threat Report

As we usher in 2024, we reflect on a year of evolving cybersecurity trends. The final quarter of 2023 saw an 88.97% increase in malware activity, largely due to JavaScript phishing variants and malicious Word documents exploiting older vulnerabilities. However, the year witnessed a 26.84% decrease in overall activity, possibly due to Microsoft's automatic blocking of VBA agents. TorrentLocker emerged as the dominant botnet, and Apache’s Log4j remained a popular exploit tool.  

Top Findings at a Glance

MALWARE

Q4 saw malware activity jump 88.97%

BlackBasta ransomware exploded by 354% in Q4

BOTNET

Botnet activity increased 25% year-over-year

Torpig Mebroot comprised 56% of all botnet detections in 2023

EXPLOIT

Exploits exploded 187% in 2023

Web Server Password File Access increased by 42% in Q4


Ransomware Spotlight: BlackBasta

BlackBasta Ransomware, associated with QakBot malware, escalated its activity by 353.66% in Q4 2023, becoming the second most active ransomware operator. This Russian-speaking operation, suspected to be linked to Conti Ransomware, primarily targets U.S. organizations in financial services, healthcare and commercial facilities.

Since its emergence in 2022, BlackBasta has extorted over $100 million, making it one of the most profitable ransomware strains. The data of organizations that do not pay the ransom is often sold to the highest bidder for further attacks or resale on dark web marketplaces. Unless disrupted by law enforcement, BlackBasta is expected to continue its dominance in the ransomware space. 


Methodology

How Nuspire produces its threat intelligence 


GATHER

Collects threat intelligence and data from global sources, client devices and reputable third parties.

PROCESS

Data is analyzed by a combination of machine learning, algorithm scoring and anomaly detection.

DETECT

Nuspire's cloud-based SIEM ingests log data and alerts the security operations center (SOC). The SOC then notifies the client and works with them to remediate the threat.

EVALUATE

Analysts further scrutinize the research, scoring and tracking of existing and new threats.

DISSEMINATE

Analysts use the insights to continually improve the SOC and its alerting, and share them with the community by creating detection rules, briefs and presentations.

OCTOBER THROUGH DECEMBER

Q4 2023 in Review

Q4 2023 was marked by numerous software vulnerabilities, the emergence of new malware and a rise in ransomware attacks.

October
10.4 - Actively Exploited Zero-Day Disclosed for Atlassian's Confluence Data Center and Server Software
10.10 - GNOME Linux Systems Vulnerable to RCE Attacks Via File Download
10.11 - Microsoft's October Patch Tuesday Addresses 3 Zero-Days, 104 Vulnerabilities
10.17 - Threat Actors Exploiting Critical Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
10.25 - Citrix Urges Immediate Patching for Critical NetScaler Vulnerability
10.25 - VMware Releases Security Updates for Critical vCenter Server RCE Vulnerability

November
11.1 - Newly Discovered StripedFly Malware Likely Controlled by APT Group
11.7 - QNAP Warns of Critical Command Injection Vulnerabilities in QTS OS and Apps
11.8 - Veeam Warns of Critical Flaws Discovered in ONE IT Monitoring Software
11.13 - SysAid Zero-Day Vulnerability Exploited in CL0P Ransomware Attacks
11.15 - Microsoft's November Patch Tuesday Addresses 5 Zero-Days, 58 Vulnerabilities
11.21 - FBI and CISA Warn of Opportunistic Rhysida Ransomware Attacks
11.30 - Google Fixes Chrome Zero-Day Vulnerability Exploited in Attacks

December
12.5 - Russian Threat Actors Exploit Outlook Flaw to Hijack Exchange Accounts
12.6 - Threat Actors Exploited Adobe ColdFusion Vulnerability to Breach Federal Agencies
12.13 - Microsoft's December Patch Tuesday Addresses 1 Zero-Day, 34 Vulnerabilities
12.18 - Joint Advisory Released Regarding Play Ransomware Activity
12.21 - FBI Disrupts BlackCat Ransomware Operation, Releases Decryption Tool
12.27 - Barracuda Remotely Patches Newly Exploited ESG Zero-Day

Let's Dive Into the Data

Q4 malware and exploit activity explodes, with botnets and exploits escalating year-over-year. 


Malware

Malware activity jumped nearly 90% in Q4 2023, buoyed by the extensive use of JavaScript phishing variants and a surge in attacks from ransomware gangs like BlackBasta, which clocked a 354% increase in activity.


Botnets

In Q4, Torpig Mebroot, a top botnet, slowed its activity down significantly, dropping nearly 60% from Q3. In contrast, TorrentLocker, a botnet that re-emerged in Q3, quadrupled its activity. Moreover, Mumblehard, a botnet that targets Linux systems, moved up to fifth place in our Top 5 Botnet list, surpassing Mirai. 


Exploits

In Q4, Nuspire recorded a substantial surge in exploit activity, with a 132.91% increase primarily fueled by Secure Shell (SSH) brute forcing. A significant shift was observed in threat actor tactics, with a marked 41.64% rise in the use of Web Server Password File Access, an information disclosure exploit, compared to Q3. This exploit has seen a steady uptick each quarter of the year, culminating in a 133.21% increase since Q1. 
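As an added illustration (not code from the report or from Nuspire), a small detector for the two exploit patterns named above: SSH brute forcing, flagged from auth.log failures per source inside a time window, and "Web Server Password File Access", assumed here to mean HTTP requests that try to read OS credential files such as /etc/passwd through the web server. All sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed sample logs (not from the report): auth.log lines, then combined-format access-log lines.
AUTH_LOG = """\
Dec 20 10:00:01 host sshd[111]: Failed password for root from 203.0.113.5 port 5001 ssh2
Dec 20 10:00:02 host sshd[112]: Failed password for admin from 203.0.113.5 port 5002 ssh2
Dec 20 10:00:03 host sshd[113]: Failed password for invalid user test from 203.0.113.5 port 5003 ssh2
Dec 20 10:00:04 host sshd[114]: Failed password for root from 203.0.113.5 port 5004 ssh2
Dec 20 10:00:05 host sshd[115]: Failed password for oracle from 203.0.113.5 port 5005 ssh2
Dec 20 10:00:06 host sshd[116]: Failed password for alice from 198.51.100.7 port 6001 ssh2
"""
ACCESS_LOG = """\
192.0.2.10 - - [20/Dec/2023:10:01:00 +0000] "GET /cgi-bin/../../../../etc/passwd HTTP/1.1" 404 196 "-" "curl/8.0"
192.0.2.10 - - [20/Dec/2023:10:01:01 +0000] "GET /index.php?page=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 2048 "-" "curl/8.0"
198.51.100.7 - - [20/Dec/2023:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

SSH_FAIL = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
def ssh_bruteforce(log, threshold=5, window=timedelta(seconds=60), year=2023):
    """Return {src_ip: (failures, distinct_users)} for sources with >= threshold failures inside any window."""
    attempts = defaultdict(list)  # src_ip -> [(timestamp, username)]; syslog lines carry no year, so one is assumed
    for line in log.splitlines():
        if m := SSH_FAIL.match(line):
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            attempts[m.group(3)].append((ts, m.group(2)))
    hits = {}
    for ip, events in attempts.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # sliding window that starts at each failure
            burst = [user for ts, user in events[i:] if ts - start <= window]
            if len(burst) >= threshold:
                hits[ip] = (len(burst), len(set(burst)))  # many distinct users suggests password spraying
                break
    return hits

ACCESS = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')
# Assumption: "Web Server Password File Access" covers requests that try to read OS credential files via the web server.
PASSWD_FILES = re.compile(r"etc/(?:passwd|shadow)|boot\.ini|win\.ini", re.IGNORECASE)
def passwd_file_access(log):
    """Return [(src_ip, decoded_path, status)]; paths are URL-decoded twice to catch %2F and %252F evasion."""
    hits = []
    for line in log.splitlines():
        if m := ACCESS.match(line):
            path = unquote(unquote(m.group(2)))
            if PASSWD_FILES.search(path):
                hits.append((m.group(1), path, int(m.group(3))))  # status 200 means disclosure likely succeeded
    return hits
```

On the constructed input, 203.0.113.5 is flagged with five failures across four usernames inside one minute, and both traversal requests from 192.0.2.10 are reported, the encoded one with its decoded path and a 200 status.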

Stay Vigilant

Despite the varying levels of malware, botnet and exploit activity, bear in mind that just one successful breach can significantly impact your business. It's essential to maintain a clear view of your environment to defend against potential threats. As threat actors continually update their strategies, your security measures need to adapt accordingly. Always stay on guard! 

Meet Our Threat Intelligence Experts

Justin Heard
Director of Security Operations

As Nuspire's Director of Security Operations, Justin Heard is at the helm of the company's key security initiatives, encompassing incident response, threat hunting and cyber intelligence. With over 15 years of experience in cybersecurity, including roles such as threat hunter, incident commander and intelligence analyst, Justin has a deep understanding of the cybersecurity domain. His leadership is instrumental in bolstering Nuspire’s defenses and adapting to the rapidly changing landscape of cyber threats. 

Before his tenure at Nuspire, Justin enhanced his skill set in the defense sector, serving as a network administrator and security engineer. Justin has an associate degree in Computer Networking Systems from ITT Tech. 

Josh Smith
Cyber Threat Analyst

Josh is a Cyber Threat Analyst at Nuspire who works closely in organizational threat landscapes, curating threat intelligence, and authoring Nuspire’s Quarterly Threat Landscape Report. Josh is currently pursuing his master’s degree in Cybersecurity Technology. Previously he served with the U.S. Navy as an Operations Specialist with 14 years of service. Josh has been quoted in Forbes, CSO Online, Channel Futures, Dark Reading, and others.