Gatewatcher, the technology leader in network-based cyber threat detection, today published its third Cyber Threat Semester Report (#CTSR). The report explores the cyber threat trends over the period January – June 2023, as seen by Gatewatcher CTI, the cybersecurity software vendor’s Threat Intelligence platform, and the active intelligence of its Purple Team* analysts.
Alongside established sections such as malware types and actors, the H1 2023 report includes a new category revealing the most affected areas and sectors in terms of leaked identity credentials (i.e. e-mail addresses and passwords).
The Report is based around five key trends:
#1 Identifying the malware most frequently used by cyber attackers: Two malware families – Mirai and Qbot – continue to dominate the rankings compared with the second half of 2022, while Emotet continues its decline. Mirai remains at the top of the rankings, due to its self-replicating capabilities, the popularity of its targets among the general public and the lack of updates for these targets.
#2 Exposing the file types used: The report reveals that Windows remains the operating system most targeted by malware, while executable binaries remain a constant presence in the cybercriminals’ arsenal. Windows binaries (accounting for almost 64% of the files observed), HTML files (16%) and ELF files(1) (almost 14%) make up the top 3. HTML files, however, suffered a significant decline, losing 12% of occurrences compared with the previous six-month periods.
#3 Revealing new threat actors: At the top of the list of the most active cybercriminals, the Gatewatcher CTI platform lists Bronze Butler as the source of 47.82% of the malicious actions recorded, compared with just 0.32% in the second half of 2022. It was followed by SilverTerrier (13%, compared with 14.58% in the previous half-year) and TA505 (11%, compared with 3.84%). The Russian group Wizard Spider – which dominated the ranking over the period July–December 2022 – came fourth in the first half of 2023.
#4 Alerting the main sectors targeted: Three industries stand out as key targets in the first half of 2023: technology (12.34%), energy (9.18%) and education (8.10%). Particularly targeted by ransomware attacks in the first half of 2023, the IT infrastructures of secondary education establishments appear in the leading pack. Like hospitals, schools and universities suffer from a significant and recurring lack of resources, investment and staff. By comparison, the banking, technology and freight/logistics sectors were the top three most targeted industries in the second half of 2022.
#5 Regions and sectors most affected by ID leaks: For this report, Gatewatcher added a new category, covering the Top-Level Domains (TLDs) that have leaked the most identifiers (email addresses + passwords) throughout the last six months. This data derives from phishing attempts, data theft via malware, or leaks from databases collected by Gatewatcher’s CTI platform. The .com TLD is, perhaps unsurprisingly, the source of most leaks (22.91%), followed by the .edu domain names associated with the American education system. The report also details the leaks suffered by national TLDs such as .co.uk, .fr, .de and .pl.
“In this third report, we have taken a close look at ID leaks, as they remain an extremely simple and effective means of intrusion. The risks associated with identification being based on just a login and password are well documented and we encourage the development of passwordless alternatives as part of an ‘Identity Intelligence’ strategy, to combat the risks of this attack surface being exploited,” explains François Normand, Head of Cyber Threat Intelligence at Gatewatcher. “More generally, this report serves as a reminder, if one were really needed, that monitoring trends in new threats and ensuring they are visible are the most effective methods for reducing cyber risks and mitigating the impact of security incidents.”
Download the full report: Cyber Threats Semester Report