The nastiest malware of 2023
OpenText Cybersecurity has released its sixth annual look at the threat landscape to reveal the most notorious malware trends.
This year four new ransomware gangs, believed to be a new generation of previous big players, top the list. Newcomer Cl0p takes the prize for this year's nastiest malware after commanding exorbitant ransom demands with its MOVEit campaign.
Ransomware has been rapidly climbing the charts, with ransomware-as-a-service (RaaS) now seen as the weapon of choice for cybercriminals. However, there's some comfort to be had from the fact that the numbers actually paying ransoms are at an all-time low.
"A key finding this year is the RaaS business model is another win for the bad guys. Profit sharing and risk mitigation are top contributors to RaaS success along with the ability to easily evade authorities," says Muhi Majzoub, EVP and chief product officer at OpenText. "There is a silver lining as research shows only 29 percent of businesses pay ransom, an all-time low. These numbers indicate people are taking threats seriously and investing in security to be in a position where they do not need to pay ransom."
The top five threats on OpenText's list are:
- Cl0p: a RaaS platform that became famous following a series of cyberattacks. It exploited a zero-day vulnerability in the MOVEit Transfer file transfer software developed by Progress Software. MOVEit victims include such notable organizations as Shell, the BBC, and the US Department of Energy.
- Black Cat: believed to be the successor to the REvil ransomware group, it has built its RaaS platform on the Rust programming language. It made headlines for taking down MGM Casino Resorts.
- Akira: presumed to be a descendant of Conti, it primarily targets small to medium-sized businesses due to the ease and turnaround time. Akira ransomware targeted Cisco VPN products as an attack vector to breach corporate networks, steal data, and eventually encrypt it.
- Royal: believed to be an heir to Ryuk, it uses white-hat penetration testing tools to move laterally in an environment and gain control of the entire network. Aiding in deception is a unique partial encryption approach that allows the threat actor to choose a specific percentage of data in a file to encrypt.
- Lockbit 3.0: an old favorite and last year’s winner, continues to wreak havoc. Now in its third iteration, Lockbit 3.0 is more modular and evasive than its predecessors.
You can find out more on the OpenText site.