Almond, a prominent French cybersecurity firm, has released the second edition of its Threat Landscape report. The findings of the 2023-2024 edition reveal a concerning reality: the escalation of threats is indiscriminate across various sectors.
While three hacker groups dominate the DDoS ‘market’, Almond observes a growing trend among cybercriminals towards the professionalization of their operations. Once resembling small to medium enterprises (SMEs), these groups now adopt hierarchical structures akin to large corporations, equipped with significant human and financial resources.
In a year marked by numerous conflicts and with several major elections in Europe and the United States, as well as the upcoming Olympic Games, this Threat Landscape report provides valuable statistics and insights into these pressing issues.
Ransomware attacks increased by 33% in France in 2023
Every two or three days, French businesses and other organizations came under attack. The most frequent type of attack remains ransomware. Compared to 2022, ransomware attacks increased by 53% worldwide in 2023, and by 33% in France (155 attacks were recorded on French businesses or other organizations, i.e. an attack every two or three days). Alongside attackers who have become famous because of the long list of their victims, new malicious actors emerge on a regular basis.
Attacks are being carried out faster, taking from 2 to 5 days on average, generally over a weekend, not to mention lightning attacks (Very-Go-Fast), some of which have taken only 7 minutes!
This increase in the number of attacks is also due to the fact that businesses and other organizations that have been victims are now more inclined to inform the authorities or the general public of them.
Three groups of hackers dominate the DDoS “market”
- NoName057(16): A pro-Russian group that mainly targets Europe, particularly since the war in Ukraine.
- Anonymous Sudan: This group focuses on Israel and the United States, particularly because of ongoing conflicts in the Near and Middle East.
- Mysterious Team Bangladesh (MTB): They have targeted countries that take hostile actions against the Muslim community, notably Israel and India.
Increasingly powerful structures
Almond’s experts have observed that increasing numbers of cybercriminals are making their organizations more professional. These organizations, which once resembled SMEs, now look more like structures with hierarchies, just like large companies, with considerable human and financial resources, many different departments and specialist services (money launderers, software developers, website hosts…), each with their own tasks and objectives.
Types of attack that remain favorites
- Raspberry Robin is a worm, identified in 2021, which is still one of the most frequently used techniques today and has taken its place as one of the most important active platforms for the dissemination of malware.
- EvilProxy has become an indispensable tool for anyone who wants to carry out a successful phishing campaign.
- Quishing involves sending phishing emails that include a QR code instead of a malicious link. This renders anti-spam or anti-phishing safeguards almost ineffective, particularly on mobile devices.
- Bring your own vulnerable driver is a technique that has existed since 2018 but is still widely used.
- AI – the new star of the hacktivist arsenal. AI is becoming an indispensable tool for attackers. By using a Large Language Model (LLM), which aggregates millions of pieces of data, one can create malicious content very easily, thanks to automation. One form of AI has even been specially designed to initiate malicious actions: WormGPT, based on the GPT-J language model and on sale in cybercrime forums. Its aim is to draft phishing emails and create malicious code based on the examples it has assimilated. It also makes it possible to generate attacks of the Business Email Compromise (BEC) type, which thus become accessible even to apprentice cybercriminals.
China, Russia, and Nigeria: sources of the most active threats
- China has well-proven cyber capabilities and uses them to target France and the rest of Europe, which are severely deficient in protecting themselves against intrusion from China, which uses the “United Front” method. Beijing knows how to mobilize those that make up its diaspora – businesses, groups, and key individuals – in order to gather information.
- Russia is behind 61% of attacks throughout the world, above all in the form of DDoS. In early 2023, Russian cybercriminals carried out 46% of the attacks against the European Union. The development and sophistication of Russian cybercrime are partly linked to the quality of computer training in the country, as well as to the poor financial prospects for any qualified person.
- Nigeria is supposedly the birthplace of Business Email Compromise (BEC), which consists of taking control of a professional messaging platform. It targets financial undertakings in particular. Nigeria joined the Council of Europe’s Convention on Cybercrime in 2022, a sign of political commitment in matters of cybersecurity. This initiative makes it possible for Europe in particular, as one of the main victims of BEC attacks, to follow the progress made by Nigeria and to foster cooperation.
An essential update on the vocabulary of cybercrime
Aside from the best-known concepts (cyberthreats, cyberattacks, data leakage…), Almond has noted the appearance of disquieting trends that need clarification, for their meaning also determines the way businesses should handle them.
- Big Game Hunting: This term designates a large-scale cyberattack. The malicious perpetrators target companies of considerable financial worth or with a high reputation and/or institutions that provide services that are vital for a country’s survival and greatly impact on the general public. Generally speaking, attacks take the form of ransomware, but may also involve spying and mass surveillance.
- Very-Go-Fast: This concept, coined by Almond, applies essentially to ransomware. As in the case of major robberies, the criminals’ objective is to break in, grab the loot and leave as quickly as possible. Studies carried out by experts in cybersecurity show that break-ins to computer systems in certain attacks have taken less than an hour, with data extracted a few minutes later. The ransomware used therefore meets two needs: to slow down any defenses and to make each moment count.