Interactive Report Summary
Q4 and Full-Year 2023 Cyber Threat Report
As we usher in 2024, we reflect on a year of evolving cybersecurity trends. The final quarter of 2023 saw an 88.97% increase in malware activity, largely due to JavaScript phishing variants and malicious Word documents exploiting older vulnerabilities. However, the year witnessed a 26.84% decrease in overall activity, possibly due to Microsoft's automatic blocking of VBA agents. TorrentLocker emerged as the dominant botnet, and Apache’s Log4j remained a popular exploit tool.
Download the full reportTop Findings at a Glance
Ransomware Spotlight: BlackBasta
BlackBasta Ransomware, associated with QakBot malware, escalated its activity by 353.66% in Q4 2023, becoming the second most active ransomware operator. This Russian-speaking operation, suspected to be linked to Conti Ransomware, targets primarily U.S. organizations in financial services, healthcare and commercial facilities.
Since its emergence in 2022, BlackBasta has extorted over $100 million, making it one of the most profitable ransomware strains. The data of organizations that do not pay the ransom is often sold to the highest bidder for further attacks or resale on dark web marketplaces. Unless disrupted by law enforcement, BlackBasta is expected to continue its dominance in the ransomware space.
Methodology
How Nuspire produces its threat intelligence
Hover over tiles to learn more
OCTOBER THROUGH DECEMBER
Q4 2023 in Review
Q4 2023 was marked by numerous software vulnerabilities, the emergence of new malware and a rise in ransomware attacks.
October
10.4
Actively Exploited Zero-Day Disclosed for Atlassian’s Confluence Data Center and Server Software
10.10
GNOME Linux Systems Vulnerable to RCE Attacks Via File Download
10.11
Microsoft’s October Patch Tuesday Addresses 3 Zero-Days, 104 Vulnerabilities
10.17
Threat Actors Exploiting Critical Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
10.25
Citrix Urges Immediate Patching for Critical NetScaler Vulnerability
10.25
VMware Releases Security Updates for Critical vCenter Server RCE Vulnerability
November
11.1
Newly Discovered StripedFly Malware Likely Controlled by APT Group
11.7
QNAP Warns of Critical Command Injection Vulnerabilities in QTS OS and Apps
11.8
Veeam Warns of Critical Flaws Discovered in ONE IT Monitoring Software
11.13
SysAid Zero-Day Vulnerability Exploited in CL0P Ransomware Attacks
11.15
Microsoft’s November Patch Tuesday Addresses 5 Zero-Days, 58 Vulnerabilities
11.21
FBI and CISA Warn of Opportunistic Rhysida Ransomware Attacks
11.30
Google Fixes Chrome Zero-Day Vulnerability Exploited in Attacks
December
12.5
Russian Threat Actors Exploit Outlook Flaw to Hijack Exchange Accounts
12.6
Threat Actors Exploited Adobe ColdFusion Vulnerability to Breach Federal Agencies
12.13
Microsoft’s December Patch Tuesday Addresses 1 Zero-Day, 34 Vulnerabilities
12.18
Joint Advisory Released Regarding Play Ransomware Activity
12.21
FBI Disrupts BlackCat Ransomware Operation, Releases Decryption Tool
12.27
Barracuda Remotely Patches Newly Exploited ESG Zero-Day
Activity
Average
0
Total Events
0
Unique Variants
0.97%
Total Activity
Malware
Detection, Q4 2023Across Nuspire-managed and monitored devices, there was an increase of 88.97% in total malware activity compared to Q3 2023.
How to Combat
To strengthen your defenses against malware activity, you’ll need to adopt a multiprong approach, including endpoint protection platforms and cyber awareness training.
Malware
Malware activity jumped nearly 90% in Q4 2023, buoyed by the extensive use of JavaScript phishing variants and a surge in attacks from ransomware gangs like BlackBasta, which clocked a 354% increase in activity.
Activity
Average
0
Total Events
0
Unique Variants
-0.96%
Total Activity
Botnets
Detection, Q4 2023Nuspire saw a slight 6.96% decrease in botnet activity in Q4.
How to Combat
Step up your efforts to stop botnet activity, which is usually detected post-infection. We recommend detecting malicious activity and quarantining devices to minimize botnet spread throughout the network.
Botnets
In Q4, Torpig Mebroot, a top botnet, slowed its activity down significantly, dropping nearly 60% from Q3. In contrast, TorrentLocker, a botnet that re-emerged in Q3, quadrupled its activity. Moreover, Mumblehard, a botnet that targets Linux systems, moved up to fifth place in our Top 5 Botnet list, surpassing Mirai.
Activity
Average
0
Total Events
0
Unique Variants
0.93%
Total Activity
Exploits
Detection, Q4 2023In Q4, exploit activity exploded by 132.91%.
How to Combat
Stop exploits before they do harm by patching systems and security monitoring to thwart attackers and decrease risk.
Exploits
In Q4, Nuspire recorded a substantial surge in exploit activity, with a 132.91% increase primarily fueled by Secure Shell (SSH) brute forcing. A significant shift was observed in threat actor tactics, with a marked 41.64% rise in the use of Web Server Password File Access, an information disclosure exploit, compared to Q3. This exploit has seen a steady uptick each quarter of the year, culminating in a 133.21% increase since Q1.
Stay Vigilant
Despite the varying levels of malware, botnet and exploit activity, bear in mind that just one successful breach can significantly impact your business. It's essential to maintain a clear view of your environment to defend against potential threats. As threat actors continually update their strategies, your security measures need to adapt accordingly. Always stay on guard!
Download the Full Report
Justin Heard
Director of Security Operations
As Nuspire's Director of Security Operations, Justin Heard is at the helm of the company's key security initiatives, encompassing incident response, threat hunting and cyber intelligence. With over 15 years of experience in cybersecurity, including roles such as threat hunter, incident commander and intelligence analyst, Justin has a deep understanding of the cybersecurity domain. His leadership is instrumental in bolstering Nuspire’s defenses and adapting to the rapidly changing landscape of cyber threats.
Before his tenure at Nuspire, Justin enhanced his skill set in the defense sector, serving as a network administrator and security engineer. Justin has an associate degree in Computer Networking Systems from ITT Tech.
Josh Smith
Cyber Threat Analyst
Josh is a Cyber Threat Analyst at Nuspire who works closely in organizational threat landscapes, curating threat intelligence, and authoring Nuspire’s Quarterly Threat Landscape Report. Josh is currently pursuing his master’s degree in Cybersecurity Technology. Previously he served with the U.S. Navy as an Operations Specialist with 14 years of service. Josh has been quoted in Forbes, CSO Online, Channel Futures, Dark Reading, and others.