The Fourth Quarter and Full-Year 2023 Cyber Threat Report from Nuspire, a leading managed security services provider, has been released, and it provides an in-depth look at the latest trends in malware, botnets, exploits, and ransomware.
Among the many findings: exploit activity increased 187 percent for the year overall, and botnet activity grew 25 percent year-over-year, with Torpig Mebroot comprising 56 percent of all botnet detections in 2023. Conversely, malware dropped 27 percent from 2022; however, ransomware extortion activity grew nearly 18 percent, with LockBit, CL0P, ALPHV, and BlackBasta responsible for the most activity.
Additional findings from Nuspire's newly released cyber threat report show that ransomware remained a critical threat throughout the year, with BlackBasta ransomware's activity escalating by 353.66 percent in Q4, making it the second most active ransomware operator for the quarter and the fourth most active for the year.
Moreover, botnets saw a 25 percent year-over-year increase in activity, with Torpig Mebroot comprising 56 percent of all botnet detections in 2023. There was also a noticeable increase in the activity of other botnets like Torrent Locker, which quadrupled its activity in Q4.
Francie Dudrey, "Botnets Evolve as Malware Increases and Exploits Skyrocket in 2023," nuspire.com (Jan. 31, 2024).
Commentary
"Botnet" is short for Robot Network, which is a network of private computers infected with malicious software and controlled as a group without the owners' knowledge. Each private computer has secretly been infected with a program that can control that computer to follow instructions sent by the hacker. When a private computer becomes infected with this type of malware, it is often referred to as a "zombie."
The "zombie" computer does not exhibit any signs of infection because the botnet malware is designed to wait until it receives a signal from the computer controlled by the cybercriminals.
The zombie computer, along with hundreds or thousands of similarly infected computers, may be directed to flood the internet connection of a victim (known as a distributed denial of service, or DDoS, attack), overwhelm the firewalls of a victim, attack outdated software whenever or wherever it is found, or send millions of spam messages to potential victims.
Hardening your cyber defenses is best left to IT professionals, but in general, the techniques range from the very basic to enlisting the assistance of sophisticated AI-augmented real-time protections.
A simple start to protection is training employees to ignore pop-up ads, suspicious email attachments, or unsolicited requests to download software.
Regularly update and maintain robust antivirus and anti-malware software. These tools help detect and remove malicious code associated with botnets.
Regularly install security updates and bug fixes for your software and operating systems. Outdated software can be vulnerable to botnet attacks.
Use firewalls and Intrusion Detection Systems (IDS) to monitor and control incoming and outgoing network traffic. An IDS helps detect suspicious activity and unexpected surges in requests, which could be indicative of botnet activity.
Finally, when new devices join your network, ensure they have solid security settings.