
10% increase in cyber attacks in 2023 | What are the most common threats! | +349% in malicious software via mail


Trend Micro Incorporated, a global leader in cybersecurity, today revealed a 10% annual increase in total threats combated in 2023 and warned that attackers are using more advanced methods, targeting fewer victims but aiming for higher financial gains.

Jon Clay, VP of threat intelligence at Trend, said: “We are fighting more threats than ever before for our customers. But it needs to be understood that adversaries have shown the variety and complexity of TTPs in their attacks, especially in terms of the defenses they set up. As our report shows, network defenders must continue to proactively manage risk as it relates to the attack surface. Understanding our adversaries’ strategies is the foundation of effective defense.”

Trend Micro addressed a total of 161 billion threats in 2023, compared to 82 billion threats five years ago. In 2023, blocked threats that originated via email and the web decreased annually by 47% and 2%, respectively. Threats blocked by Mobile Application Reputation Service (-2%), Smart Home Network (-12%) and Internet of Things Reputation Service (-64%) also decreased. However, there was a 35% year-over-year increase within Trend’s File Reputation Service (FRS).

This could suggest that threat actors are choosing their targets more carefully. Rather than launching attacks on a wider range of users and relying on victims clicking on malicious website links and emails, they are targeting a smaller number of higher-profile victims with more intense attacks. This may allow them to bypass early detection layers such as network and email filters, which could explain the increase in malware detections at endpoints.

Some other trends observed in the report include:

  • APT (Advanced Persistent Threat) actors showed a variety and complexity in attacks against victims, especially around evasion tactics.
  • Malware email detection increased 349% year-over-year (YoY), while malware and phishing URL detections decreased 27% YoY – again highlighting the trend for more use of malicious attachments in their attacks.
  • Business email compromise (BEC) detections increased by 16% year-over-year.
  • Ransomware detections decreased by 14% year-over-year. However, once again, the increase in FRS detections may suggest that threat actors are getting better at avoiding primary detection through techniques such as Living-Off-The-Land Binaries and Scripts (LOLBINs/LOLBAs), Bring Your Own Vulnerable Driver (BYOVD), zero-day exploits and AV termination.
  • Linux and macOS ransomware attacks were 8% of the total ransomware detections.
  • There was an increase in remote encryption, intermittent encryption, EDR bypass using unmonitored virtual machines (VMs) and multiple ransomware attacks where victims were hit more than once. Adversaries have recognized EDR as a great defense, but are now using evasion tactics to avoid this technology.
  • Thailand and the US were the top two countries for ransomware victims, with banking being the most affected sector.
  • The top MITRE ATT&CK detections were related to defense evasion, command and control, initial access, persistence and impact.
  • Dangerous access to cloud applications was the top risk event detected by Trend’s Attack Surface Risk Management (ASRM), logged nearly 83 billion times.
  • Trend’s Zero Day Initiative discovered and responsibly disclosed 1914 zero-day vulnerabilities, a 12% year-over-year increase. These included 111 bugs in Adobe Acrobat and Reader. Adobe was the number one software vendor in reporting vulnerabilities and PDFs were the number one type of spam attachment.
  • Windows applications were in the top three vulnerabilities whose exploitation was detected by Trend Micro’s virtual patches.
  • Mimikatz (used in data collection) and Cobalt Strike (used in Command & Control) continued to be the preferred legitimate tools abused to aid criminal activity.

In light of these findings, Trend advises network defenders to:

  • Partner with trusted security vendors with a cybersecurity platform approach to ensure that resources are not only secure, but also constantly monitored for new vulnerabilities.
  • Prioritize SOC effectiveness by carefully monitoring cloud applications as they become increasingly integrated into day-to-day operations.
  • Ensure that all the latest code updates/upgrades are applied to operating systems and applications.
  • Leverage comprehensive security protocols to protect against vulnerabilities, tighten configuration and access control for applications, and strengthen account and device security. Strive to detect ransomware attacks earlier in the attack lifecycle by shifting defenses during initial access, lateral movement, or data transfer stages.

About Trend Micro

Trend Micro, a global leader in cybersecurity, helps make the world a safer place to share digital information. Backed by decades of security expertise, global threat research and continuous innovation, the company’s cybersecurity platform protects hundreds of thousands of organizations and millions of users, across cloud infrastructure, networks, IoT devices, and endpoints. As a leader in cloud security (Cloud One) and cybersecurity, Trend Micro provides a powerful suite of advanced threat defense techniques optimized for environments such as AWS, Microsoft and Google with centralized visibility for better and faster threat detection and response with advanced XDR capabilities. With 7,000 employees in 65 countries and the most advanced database and research intelligence on global threats, Trend Micro helps organizations simplify and protect their digital world.
