Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide
  • Home
  • /
  • Security
  • /
  • Darktrace End of Year Threat Report reveals shifting threats

Security

Darktrace End of Year Threat Report reveals shifting threats

Cambridge based Darktrace has released its 2023 End of Year Threat Report, identifying the key threats and attack methods facing businesses observed across the past six months.

Above: The diagram represents Darktrace detections containing indicators of compromise (IoCs) that have been associated with particular MaaS and RaaS threats. The size of the bubble displayed relates to the frequency of detections observed across the Darktrace fleet. 
Courtesy Darktrace

These insights, observed by Darktrace’s unique Self-Learning AI across its customer fleet, shed light on rapid shifts in the cyber security landscape and new techniques adopted by attackers attempting to sidestep traditional defences.

Advertisement
ADS S&P RT

The findings show that as-a-Service attacks continue to dominate the threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) tools making up the majority of malicious tools in use by attackers. As-a-Service tools can provide attackers with everything from pre-made malware to templates for phishing emails, payment processing systems and even helplines to enable criminals to mount attacks with limited technical knowledge.

The most common as-a-Service tools Darktrace saw in use from July to December 2023 were:

  • Malware loaders (77% of investigated threats[1]), which can deliver and execute other forms of malware and enable attackers to repeatedly target affected networks.
  • Cryptominers (52% of investigated threats), which use an infected device to mine for cryptocurrency.
  • Botnets (39% of investigated threats), enrol users in wider networks of infected devices, which attackers then leverage in larger-scale attacks on other targets.
  • Information-stealing malware (36% of investigated threats), malicious software like spyware or worms, designed to secretly access and collect sensitive data from a victim’s computer or network.
  • Proxy botnets (15% of investigated threats), more sophisticated botnets that use proxies to hide the true source of their activity.

The report also reveals a changing of the guard. In its First 6: Half-Year Threat Report, Darktrace identified Hive ransomware as one of the major Ransomware-as-a-Service attacks at the beginning of 2023. With the dismantling of Hive by the US government in January 2023, Darktrace observed the rapid growth of a range of threats filling the void, including ScamClub, a malvertising actor notorious for spreading fake virus alerts to notable news sites, and AsyncRAT, responsible for attacking US infrastructure employees in recent months.

Attackers shift to advanced solutions to bypass conventional security measures‍
As businesses continue to rely on email and collaboration tools for communication, methods such as phishing continue to cause a headache for security teams. Darktrace detected 10.4 million phishing emails across its customer fleet between the 1st September and the 31st December 2023.

However, the report also highlights how cybercriminals are embracing more sophisticated tools and tactics designed to evade traditional security parameters. One example is the rise of Microsoft Teams phishing in which attackers contact employees through Teams, posing as a co-worker and tricking them into clicking malicious links. In one case in September 2023, Darktrace identified a suspected Teams phisher attempting to trick users into clicking a SharePoint link that would download the DarkGate malware and deploy further strains of malware across the network.

Advertisement
Cranfield

Another new trend identified is the growth of malware developed with multiple functions to inflict maximum damage. Often deployed by sophisticated groups like cyber cartels, these Swiss Army knife-style threats combine capabilities. For example, the recent Black Basta ransomware also spreads the Qbot banking trojan for credential theft. Such multi-tasking malware lets attackers cast a wide net to monetise infections.

"Throughout 2023, we observed significant development and evolution of malware and ransomware threats, as well as changing attacker tactics and techniques resulting from innovation in the tech industry at large, including the rise in generative AI. Against this backdrop, the breadth, scope, and complexity of threats facing organizations has grown significantly,” commented Hanah Darley, Director of Threat Research, Darktrace. “Security teams face an up-hill battle to stay ahead of attackers, and need a security stack that keeps them ahead of novel attacks, not chasing yesterday’s threats.”

Download the 2023 End of Year Threat Report at darktrace.com/threat-report-2023.

 

 

 

Advertisement
Aviation Africa LB Aviation Africa LB
University of Surrey and the Met partner to tackle knife crime

Security

University of Surrey and the Met partner to tackle knife crime

13 February 2025

Knife Hunter, a new AI system developed by the University of Surrey in collaboration with the Metropolitan Police, is offering an insight into a future where Britain's police forces and local authorities use AI to tackle knife crime in London and across the country.

Prisoners help address MoD environmental challenges

Defence Security

Prisoners help address MoD environmental challenges

11 February 2025

Defence Equipment & Support (DE&S) has joined forces with His Majesty’s Prison and Probation Service (HMPPS) to help prisoners develop their horticulture skills, as part of a wider sustainability initiative to plant 30,000 trees (20 hectares) on Ministry of Defence (MoD) land.

UK Home Secretary hosts summit on mobile phone theft

Security Events

UK Home Secretary hosts summit on mobile phone theft

10 February 2025

The Home Secretary Yvette Cooper brought together policing leaders, the National Crime Agency (NCA), the Mayor of London and leading tech companies last week, to drive new action to tackle mobile phone thefts and secure a collective effort to grip this criminality.

TEKEVER partners with IMSAR on advanced radar tech

Aerospace Defence Security

TEKEVER partners with IMSAR on advanced radar tech

10 February 2025

TEKEVER today announced a two-year partnership agreement with IMSAR, to advance radar tech and data processing solutions.

Advertisement
Cranfield
CCL boosts Incident Response capability with SentinelOne partnership

Security

CCL boosts Incident Response capability with SentinelOne partnership

7 February 2025

As part of its continued investment into its Incident Response services, digital forensics and cyber specialist CCL has announced a partnership with the global leader in autonomous cyber security and EDR, SentinelOne.

Goldilock expands West Midlands hub

Defence Security

Goldilock expands West Midlands hub

6 February 2025

Cyber scaleup Goldilock - the network segmentation and isolation specialist backed by NATO - has today announced the expansion of its West Midlands headquarters to support its rapid growth trajectory.

Advertisement
ODU RT