Cybercriminals Double Use of Advanced Malware

Cyberattacks are becoming increasingly sophisticated and dangerous. According to experts from Solar JSOC, cybercriminals are now using cyber intelligence data and advanced malware twice as often as before.

Researchers analyzed hacker activity during the first half of 2023. They found that while the proportion of critical incidents remained steady, the complexity of attacks has increased. For example, attackers now prefer malware capable of bypassing antivirus protection and the main tools used by Security Operations Centers (SOC) for monitoring and incident response.

“This situation may indicate that we are witnessing a new stage in the cyber arms race,” explain experts from RTK-Solar.

Organizations Adapt, But Threats Evolve

According to the researchers, large companies and the public sector have learned to cope with the previous wave of mass cyberattacks. However, their adversaries are also evolving: cybercriminals have expanded their toolkit, and targeted attacks have become more sophisticated.

Malware Becomes the Top Tool for Attackers

In the first half of 2023, malware became the most popular tool among cybercriminals, accounting for 53% of all incidents. By the second quarter, ransomware alone made up 36% of attacks.

The number of complex attacks doubled in the first six months of this year. Only specialists using Threat Intelligence and Threat Hunting processes were able to detect such compromises. The main reason is that attackers have started using advanced malware more frequently.

Increase in Network Attacks and Vulnerability Exploits

Analysts also noted that the share of network attacks and vulnerability exploits increased—from 4% to 8% in the first case, and from 6% to 11% in the second.