
Threat Intelligence Landscape 2023

  • Date: 24 April 2024
  • Time: 10:00 AM
  • Duration: 45 minutes

Watch our Threat Intelligence Landscape for a complete view of the current cyber threat landscape.

In this webinar, our Cyber Threat Intelligence (CTI) team share their key findings from 2023 and so far in 2024, including their ongoing research into top cyber criminal groups, state-affiliated threat actors, and their associated malicious infrastructure. They will also be looking at how these trends may impact the threat landscape over the rest of the coming year.

With our CTI team identifying over 36,000 unique IP addresses related to criminal and nation-state threat actor activity, over 195 threat groups, and analytics designed to identify and track malicious command and control infrastructure, this webinar provides unprecedented insight into the top cyber threats facing organisations over the past twelve months.

Politically Motivated Nation-State Attacks Remain a Key Threat

Russian, Chinese, Iranian and North Korean-affiliated threat actors still account for the majority of nation-state attacks worldwide, with increased efforts from all sides being driven by the Russia-Ukraine and Israel-Palestine conflicts. Our team also made several observations relating to the passing of the Bipartisan Bicameral Bill and Chinese-directed cyber operations targeting Taiwan and the US.

Increased Hacktivism in Response to Geopolitical Events

As the Russian invasion of Ukraine continued throughout 2023, so did the accompanying hacktivist activity on both sides of the conflict. One of the more prominent pro-Russian groups, NoName057(16) (commonly known as NoName), continued its campaign of targeting countries that have imposed sanctions on Russia, NATO member states, or countries providing diplomatic, financial and military support to Ukraine.

SEO Poisoning

SEO poisoning - a type of attack where cyber criminals create malicious websites and use SEO techniques to rank their pages on Google - continued to be an effective initial infection mechanism in 2023. Coupled with the exploitation of new Microsoft technologies, it allowed various threat actors to infect victims, with those infections culminating in ransomware incidents involving Clop and Black Basta.

A New Ransomware-as-a-Service (RaaS) Player

In 2023, we collaborated with Group-IB and Michael Koczwara to uncover a new RaaS affiliate known as ShadowSyndicate, which remains highly active in global ransomware attacks. Based on their activity in 2023, they were observed working with the ALPHV, Clop and Nokoyawa ransomware groups and were seen using a range of post-exploitation tools such as Cobalt Strike and Sliver.

Ransomware Groups Continue to Exploit Vulnerabilities in MFTs and VPNs 

There were several major vulnerabilities exploited by ransomware groups during 2023, notably in file sharing platforms and VPN products. Managed File Transfer (MFT) vulnerabilities were quickly exploited by ransomware groups such as Clop, who later went on to exploit MOVEit, PaperCut and SysAid.

 

Speaker

Yashraj Solanki

Cyber Threat Intelligence Analyst, Bridewell

Speaker

Gavin Knapp

Cyber Threat Intelligence Principal Lead, Bridewell