Sophos published its 2023 Threat Report. The report describes, among other things, a new level of commercialization within cybercrime, through which low-threshold entry-level offers are increasingly available for potential attackers: almost all scenarios are for sale. A booming cybercrime-as-a-service market is open to a criminal buyer base that ranges from the highly tech-savvy to the completely ignorant.
Here is an overview of the topics of the current Sophos Threat Report:
- The cybercrime-as-a-service industry has reached a new level of commercialization that removes many barriers to entry for would-be cybercriminals and, given sufficient funds, puts advanced threat tactics in the hands of almost any criminal.
- Ransomware remains one of the biggest threats to businesses, with cybercriminals focusing on “innovating” their attack tactics and extortion techniques.
- The war in Ukraine has led to a restructuring of criminal alliances and a reorganization of the ransomware landscape.
- Cybercriminals are increasingly relying on the theft of credentials to infiltrate targeted networks.
- Threat actors continue to rely on legitimate tools and executables to carry out attacks and increasingly introduce their own vulnerabilities.
- Mobile devices are at the center of new types of cybercrime - both Android and iOS devices are affected.
- One of the oldest forms of crypto crime – crypto mining – is on the decline as Monero (one of the most popular currencies) loses value. Crypto fraud, on the other hand, is already a growing industry in South Asia.
Ransomware as a market driver and blueprint for other types of malware
Criminal underground marketplaces like Genesis have long enabled the purchase of malware and malware implementation services (“malware-as-a-service”), as well as the sale of stolen credentials and other data in bulk. Over the past decade, as ransomware has become increasingly popular, an entire “ransomware-as-a-service” economy has emerged. Cybercriminals have taken the success of this infrastructure as an example and are following suit. Now, in 2022, the “as-a-service” model has expanded massively, and almost every aspect of cybercrime – from initial infection to ways to avoid detection – is available for purchase.
In addition, cybercriminal marketplaces are increasingly working like normal companies. Some marketplaces have set up their own job search and employee recruitment pages, where job seekers briefly list their skills and qualifications.
“Cybercriminals are now selling tools and capabilities that were once only in the hands of some of the most sophisticated attackers as services to other actors,” said Sean Gallagher, Principal Threat Researcher at Sophos. “For example, last year we saw ads for OPSEC-as-a-Service, in which sellers offered to help attackers hide Cobalt Strike infections, and we saw Scanning-as-a-Service giving buyers access to legitimate commercial tools like Metasploit so they can find and then exploit vulnerabilities. The commercialization of almost all components of cybercrime opens up new opportunities for attackers of all kinds.”
Shifting cybercriminal partnerships due to Ukraine war
Traditionally, Ukrainians and Russians have long been partners in the cybercrime business – especially when it comes to ransomware. However, with the outbreak of war, some gangs broke up. This led, among other things, to the Conti Leaks – the publication of the chat logs of this ransomware group. Another Twitter account also claimed to have spied on the alleged members of Trickbot, Conti, Maze, Diavol, Ryuk and Wizard Spider. Overall, international work against ransomware has not become any easier. Ransomware groups have regrouped and, among other things, it appears that a new “REvil” has emerged.
Ransomware remains popular and innovative
Despite the expansion of the cybercrime infrastructure, ransomware remains very popular and extremely profitable. Over the past year, ransomware operators have worked to expand their potential attack capabilities by targeting platforms other than Windows and introducing new languages such as Rust and Go to avoid detection. Some groups, most notably Lockbit 3.0, have diversified their operations and developed more “innovative” methods of extorting victims.
“When we talk about the increasing sophistication of the criminal underground, this also applies to the world of ransomware. Lockbit 3.0, for example, now offers bug bounty programs for its malware and is soliciting ideas from the criminal community to improve its operations. Other groups have moved to a ‘subscription model’ for access to their captured data, and still others are auctioning it off. Ransomware has become a business first and foremost,” said Gallagher.
Credentials as hot goods
The evolving underground economy has not only incentivized the growth of ransomware and the “as-a-service” industry, but has also increased the demand for stolen credentials. As web services expand, different types of credentials, particularly cookies, can be used in a variety of ways to gain deeper footholds in networks and even bypass multifactor authentication. Stealing credentials is also one of the easiest ways for criminals to gain access to underground markets and start their “careers.”
About the Sophos Threat Report 2023: The Sophos Threat Report 2023 is based on research and insights from Sophos X-Ops, a new, cross-functional unit that connects three established teams of cybersecurity experts at Sophos (SophosLabs, Sophos SecOps and Sophos AI). To learn more about daily cyberattacks and TTPs, follow Sophos X-Ops on Twitter and subscribe for the latest threat intelligence and security operations articles and reports from the front lines of cybersecurity.
You can find the entire report here: https://www.sophos.com/en-us/content/security-threat-report

