Cybersecurity company Trellix has warned of the rising collaboration among ransomware groups and nation-state-backed attackers in its 2023 CyberThreat Report.
It highlighted criminal collectives including ‘The Darknet Parliament’, ‘Net Worker Alliance’, and ‘The Five Families’, characterising a shift to more organised, agile, and politically aligned cyber crime.
The use of lesser-known programming languages for malware development and the innovation of malicious Generative AI (GenAI) tools were also noted by the report.
John Fokker, Head of Threat Intelligence at Trellix Advanced Research Center, emphasised, “As technology advances, so does cyber crime – and understanding the changing landscape is vital for CISOs and SecOps teams to stay ahead of threats.”
The company’s research has noted that GenAI is being utilised to enhance phishing campaigns, suggesting that malicious GenAI may already be in deployment today.
Internationally, the report found that nation-state threat activity saw a significant surge, spiking over 50% in the last six months. The causes included the escalating conflict between Russia and Ukraine, a surge in cyber activity before and during the conflict in Israel, and disruptive attacks on Taiwan ahead of its 2024 elections.
Trellix describes geopolitical uncertainty as both a cause of and an incentive for cyber crime, as new actors continue to emerge and existing ones evolve their exploits and tactics.
Furthermore, the cybersecurity company noticed unusual variations in ransomware families, particularly in Q2, with a splintering of large ransomware groups into smaller entities focusing on data exfiltration.
Golang has become a popular language for malware, with a rise in its use for ransomware (32%), backdoors (26%), and Trojan horses (20%), according to the report. Collaboration between threat actors active on the Dark Web is also increasing, with formal collaboration among groups, a growing market in zero-day vulnerabilities, and joint proof-of-concept (PoC) development efforts speeding up exploitation.
These findings have recently been paralleled in Australia, with extensive attacks compromising government critical infrastructure systems and isolated attacks on national security systems.
John Fokker emphasised the relevance of these findings: “It is imperative defenders refer to threat intelligence to strengthen their security posture with limited resources.” He stated that the comprehensive analysis by the Trellix Advanced Research Center provides an essential resource for CISOs to understand and address evolving cybersecurity risks in a globally connected world.
The CyberThreat Report: November 2023 is based on various data sources, including Trellix’s sensor network, investigations into nation-state and cyber criminal activity, and both open- and closed-source intelligence.