Some thoughts on Cybersixgill’s State of the Underground 2024 report

We had a briefing with Cybersixgill earlier this month to talk about threat intelligence, disruption, the use of generative AI in threat intelligence, supporting SOC analysts with AI-assisted analysis, and more. Cybersixgill collects and analyzes 10 million threat signals each day for its threat intelligence service.

Cybersixgill released its annual State of the Underground report in February (read the press release for the summary and register for the full details in the report). The report itself is 52 pages in length, and covers threat actor trends across six areas, e.g., compromised credit cards, messaging platform usage, initial access.

Here are our key takeaways:

  • Compromised credit cards less of a problem
    The market for compromised credit cards has collapsed over the past 5 years, from 140 million cards in 2019 to 12 million in 2023. Improved fraud detection and prevention is a key contributor to this change.
  • Less activity on underground forums and messaging apps
    Threat actors are making less use of underground forums and messaging apps, e.g., Telegram. However, much of this is due to significantly less activity by right-wing extremist groups and the disbandment of popular forums.
  • Vulnerabilities need to be paired with likelihood of exploitation to be meaningful in defensive strategies
    Seven CVEs published in 2023 received the highest scores for likelihood of being exploited within the next 90 days, with the MOVEit Transfer vulnerability in first place. Half of the top 10 were in Microsoft products.
  • Stealer malware continues to get worse
    Stealer malware grew in popularity in 2023, with 617 new types of malware (including stealers) mentioned on underground forums. Raccoon Stealer had >50% market share in 2023.
  • Availability of compromised endpoints for sale increased, too
    The number of compromised endpoints increased (almost doubled, actually), which is problematic since they can be used for data theft, lateral movement, botnet recruitment, and more.
  • Ransomware attack volumes were down, but ransom payouts up significantly
    Fewer attacks (by around 10%) combined with significantly higher ransom payouts (almost doubled) means ransomware continues to be a significant threat. While the likelihood of being targeted went down, for those that are targeted and compromised, costs are much higher.
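To make the prioritization point concrete, here is a small added example (our illustration, not code from the report or from Cybersixgill) of ranking a patch backlog by severity weighted with exploit likelihood rather than by CVSS alone. The vulnerability list, its identifiers (V1 to V5) and all scores are constructed for the demonstration; the 90-day exploit probabilities stand in for whatever likelihood score your threat intelligence feed supplies, and the 0.5 "patch first" threshold is an assumed policy value.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Vuln:
    vid: str          # constructed label, not a real CVE identifier
    product: str
    cvss: float       # CVSS base score, 0-10
    p_exploit: float  # assumed probability of exploitation in the next 90 days, 0-1


def risk_score(v: Vuln) -> float:
    """Severity weighted by likelihood: CVSS scaled to 0-1, times exploit probability."""
    if not 0 <= v.cvss <= 10 or not 0 <= v.p_exploit <= 1:
        raise ValueError(f"out-of-range scores for {v.vid}")
    return round((v.cvss / 10.0) * v.p_exploit, 4)


def prioritize(vulns, p_threshold=0.5):
    """Return vulns in remediation order.

    Anything whose exploit likelihood is at or above p_threshold (assumed policy
    value) goes to the front regardless of CVSS; within each group, order by
    risk_score and break ties on raw CVSS.
    """
    key = lambda v: (risk_score(v), v.cvss)
    urgent = sorted((v for v in vulns if v.p_exploit >= p_threshold), key=key, reverse=True)
    rest = sorted((v for v in vulns if v.p_exploit < p_threshold), key=key, reverse=True)
    return urgent + rest


def cvss_only_order(vulns):
    """Baseline: the order a CVSS-only policy would patch in."""
    return [v.vid for v in sorted(vulns, key=lambda v: v.cvss, reverse=True)]


def likelihood_aware_order(vulns, p_threshold=0.5):
    return [v.vid for v in prioritize(vulns, p_threshold)]


# Constructed sample backlog: labels, products and scores are made up for illustration.
SAMPLE = [
    Vuln("V1", "file-transfer appliance", cvss=9.8, p_exploit=0.94),
    Vuln("V2", "internal reporting tool", cvss=9.1, p_exploit=0.02),
    Vuln("V3", "mail server", cvss=7.5, p_exploit=0.61),
    Vuln("V4", "office suite", cvss=6.5, p_exploit=0.35),
    Vuln("V5", "desktop agent", cvss=4.3, p_exploit=0.01),
]

if __name__ == "__main__":
    print("CVSS only:       ", cvss_only_order(SAMPLE))
    print("Likelihood-aware:", likelihood_aware_order(SAMPLE))
```

With the constructed data, the CVSS-only ordering patches V2 (critical severity, but almost never exploited) second, while the likelihood-aware ordering pushes it below V3 and V4, which are less severe on paper but far more likely to be used against you in the next quarter. The threshold rule is there so that a high-likelihood item is never starved by a long tail of critical-but-dormant findings.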

Thanks to Cybersixgill for assembling such a good resource.


Published by Osterman Research.