Date: 2024-02-21

The abuse of valid accounts as the top access technique was accompanied by an upsurge in infostealers, malware designed to steal information in order to acquire credentials. We observed a 266% surge in infostealing malware, as groups that previously specialized in ransomware pivoted to infostealers.

Despite remaining the most common action on objective (20%), X-Force observed an 11.5% drop in enterprise ransomware incidents. This drop is likely a result of larger organizations stopping attacks before ransomware was deployed and opting against paying the ransom in favor of rebuilding if ransomware takes hold. (It’s worth noting that analysis of ransomware extortion sites indicates ransomware activity globally actually increased in 2023. This appears to indicate X-Force clients continued to improve their capabilities to detect and respond to the precursors of a ransomware event.)

Although X-Force observed a drop in ransomware attacks, extortion-based attacks continued to be a driving force of cybercrime this past year, only surpassed by data theft and leak as the most common impact observed in X-Force incidents. For example, X-Force responded to multiple incidents associated with the CL0P ransomware group’s widespread data extortion attacks through the exploitation of the previously unknown vulnerability in MOVEit, a commonly used managed file transfer (MFT) tool.

While zero-day vulnerabilities like this one garner notoriety, the reality is that zero-day vulnerabilities make up a very small percentage of the vulnerability attack surface, just 3% of total vulnerabilities tracked by X-Force. In 2023, there was a 72% drop in the number of zero days compared to 2022, with only 172 new zero-day vulnerabilities. While the total number of zero days dropped, organizations should still emphasize knowing their attack surface and identifying and patching vulnerabilities in their environment to prevent many attacks.