Deep Instinct Threat Report Finds Ransomware, State-Sponsored Attacks, and AI-Powered Cyber Threats Surged in H1 2023

Ransomware-as-a-Service models, new underground markets, and the proliferation of LLMs combined to create massive opportunities for cybercriminals this year

NEW YORK, NY – October 11, 2023 – Deep Instinct, the prevention-first cybersecurity company that stops unknown malware pre-execution with a purpose-built, AI-based deep learning (DL) framework, today released its 2023 Bi-Annual Cyber Threat Report, which details the most pressing cyber threats of the year.

“This year feels different, like the start of a new era, as artificial intelligence quickly infiltrates the workforce and vulnerabilities like MOVEit continue to have a long-lasting impact on organizations,” said Mark Vaitzman, Threat Lab Team Leader at Deep Instinct. “This report showcases how cybercriminals are adapting to these shifts and becoming more sophisticated in their approach. Prevention against these cyber attacks is possible, but it requires a change from the reactive, ‘assume breach’ mentality that has plagued the industry for far too long.”

Top findings from Deep Instinct’s 2023 Bi-Annual Cyber Threat Report include the following:

Ransomware-as-a-Service (RaaS) attributed to a spike in H1 2023 ransomware victims.

The newest edition of the report found that more victims were affected by ransomware in the first half of 2023 than in the entirety of 2022. This is due to large-scale ransomware campaigns affecting a significant number of victims at once, such as the MOVEit vulnerability in early 2023. Additionally, threat actors continue to leverage RaaS to execute their attacks. From the launch of LockBit’s affiliate program to new languages featured within BlackCat’s latest family, the impact and scale that RaaS offers ransomware gangs have proven successful.

State-sponsored attacks continue to rise and break records.

Russia has become one of the leading threat actors in the world. After several cyber attacks in 2022, including on Ukrainian government websites, organizations, and companies, several Russian groups such as Sandworm, Callisto, and Gamaredon continued their campaigns against the Eastern European nation in H1 2023.

In addition to Russia, Deep Instinct’s Threat Research team identified a new command and control framework, named PhonyC2, which has been used by the Iranian-based MuddyWater group since at least 2021. The threat lab also observed and analyzed a previously undocumented and undetected new variant of BPFdoor by Red Menshen, a Chinese threat actor.

Underground forums shut down, but new alternative markets opened.

Throughout 2023, several large darknet and underground hacking forums were closed, including RAID Forums, Breached Forums, Genesis Market, and ASAP Market. Additionally, several ransomware leak sites were seized by the FBI, resulting in the arrests of cyber gang members. However, despite the arrests and closures, growth of the darknet continues. Deep Instinct has observed a flow of new ideas to avoid seizure, including mirroring and alternative protocols, as well as owners of previously shut-down forums opening new, alternative markets.

Cybercriminals taking advantage of LLMs.

The first half of 2023 saw the rise of powerful Large Language Models (LLMs). Cybercriminals took advantage of ChatGPT and other AI-based alternatives by using various jailbreaking guides in underground forums to build their own LLMs for attack, including WormGPT. Additionally, threat actors began abusing non-existent libraries suggested by ChatGPT, infiltrating those recommendations with malicious capabilities.

To download Deep Instinct’s 2023 Bi-Annual Cyber Threat Report, please click here. To learn more about Deep Instinct’s predictive prevention capabilities, visit www.deepinstinct.com.
