The rise of ransomware-as-a-service gangs has brought with it a surge of 68% in known ransomware attacks last year, a record level, according to the latest State of Malware report by Malwarebytes.

The report states that the US accounted for almost half – 45% – of ransomware attacks, with the UK being second with 7% of costly incidents, followed by Canada, Italy, and Germany, with 4% each. The largest ransom demand of the year was $80– requested by the LockBit gang following an attack on Royal Mail, and the most attack-heavy month was May, with 560 ransomware attacks. The biggest criminal name in 2023 was LockBit with over 1000 ransomware attacks, but other competitors are actively closing the gap.

According to Cybernews, a multi-billion-dollar ransomware industry feeds off the legitimate economy and now supports entire supply chains, specialized organizations like access brokers, and malicious software vendors. It has brand names, PR stunts, HR departments, and incentive schemes.

Ransomware gangs now use Living off the Land (LotL) attacks, new and extremely difficult-to-detect techniques for hiding in plain sight. Cybercriminals carry out malicious activities using legitimate tools like Windows Management Instrumentation so that network activity appears normal to the untrained eye.

Malwarebytes explained: “Ransomware gangs like LockBit, ALPHV, and Royal use LOTL techniques to work unnoticed as they set up attacks inside corporate networks, elevating privileges, executing commands, downloading scripts, moving laterally, stealing data, and deploying ransomware.”

Another trend that made a comeback in 2023 is malicious advertising – or malvertising – threatening businesses and consumers alike. “Countless campaigns appeared impersonating brands such as Amazon, Zoom, and WebEx to deliver both Windows and Mac malware through highly convincing ads and websites that trick users into downloading malware on their devices. Malwarebytes ThreatDown Labs found Amazon, Rufus, Weebly, NotePad++ and Trading View to be the top five most impersonated brands.”

Attacks on Android, Mac, and Windows devices seem to have also evolved. Malwarebytes detected 88,500 instances of Android banking trojans in 2023 – attacks involving banking trojans disguised as regular apps to copy banking passwords and steal money directly from accounts. Meanwhile, malware on Macs accounted for 11% of detections this past year.