The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform’s surveillance of the Surface, Deep, and Dark Web with insights derived from the in-depth research and investigations conducted by the Threat Intelligence team.
In 2023, the cybersecurity landscape witnessed a remarkable rise in cyberattacks.
One notable shift was the integration of cyber risk with business risk, a concept gaining traction in boardrooms worldwide. As the magnitude of losses due to cyberattacks became evident, organizations started reevaluating their strategies.
Geopolitical factors played a significant role in shaping information security. The conflicts between nations like Russia and Ukraine had ripple effects, influencing the tactics of cybercriminals. It was a year where external factors intertwined with digital threats.
Ransomware attacks, once primarily focused on encryption, took a new turn. Threat actors prioritized data exposure, targeting organizations that face hefty fines for data breaches. The stakes were higher than ever.
Artificial intelligence emerged as a potent weapon in cyberattacks. From deepfake videos featuring celebrities to automated social engineering, AI’s role in cybercrime has grown substantially.
One example is the fake videos promoting cryptocurrency scams using celebrities such as billionaire Elon Musk and Ethereum creator Vitalik Buterin. The videos use images of these executives at events, but the original lines are replaced by an AI-synthesized voice. The images are only altered to ensure lip sync, which is another function of this type of AI.
Hacktivist groups also made their mark, aligning with various sides during global conflicts. Their symbolic attacks posed risks to individuals and organizations, highlighting the need for vigilance in an interconnected world.
Let’s delve into the platform’s data, here synthesized into 7 key findings.
1. A Threefold Increase in Leaked Cards
The report indicates a troubling escalation in cyber threats. In 2023, a staggering 13.5 million credit and debit card details were leaked, tripling the number from the previous year. The United States tops the list, accounting for nearly half of all detected card leaks. This surge reflects the intensified activities on Deep & Dark Web channels, where such data are frequently traded.
[Figure: Top 10 Countries with the Most Exposed Cards]
2. Spotlight on Credential Leaks and Info Stealers
Credential leaks, although stable at 4.2 billion, have witnessed a shift with a surge in pastes and major leaks as sources. Notably, 15% of these exposed credentials can be considered corporate, highlighting the urgency of robust corporate cybersecurity measures.
Distinctively, credential stealer malware poses a significant threat by obtaining 98% of credentials in plain text, bypassing encryption hurdles. These stolen passwords are meticulously cataloged in log files, providing cybercriminals with insights into acquisition methods. Furthermore, credential stealers capture authorization tokens and cookies, potentially compromising multi-factor authentication.
[Figure: Source of Credentials Leakage in 2023]
3. Brand Misuse and Digital Fraud Panorama
Unconventional use of brand impersonation, such as in social media profiles, apps, and paid advertisements, led to 200,680 detections in 2023, a slight increase from the previous year.
[Figure: Types of Brand Misuse in 2023]
4. New Frauds: Evolving Tactics
The report has identified a series of novel tactics that demand our attention. Notably, threat actors now possess the capability to establish complete e-commerce stores within a matter of minutes, leveraging popular platforms.
Furthermore, the rise of “apphishing” scams has taken center stage, showcasing the increasing sophistication of contemporary cyber fraud. In these scams, malicious apps masquerade as legitimate browsers, loading cloned pages under the control of cybercriminals. This emerging trend highlights the need for heightened vigilance and innovative countermeasures to combat these evolving threats effectively.
5. Behind the Disruption Metrics: Takedown and Uptime
Last year, Axur executed 330,612 takedowns (the removal of a website or page from the internet) with a remarkable success rate, particularly in countering threats such as phishing (96.85%) and fake accounts (97.63%). The highlight of this process is the automated notification workflows that significantly reduce the time between incident identification and provider notifications.
For instance, Axur initiates notifications for phishing cases within 5 minutes, with cases involving entities such as Shopify, Cloudflare, Namecheap, Hostinger, and GoDaddy often handled within the same day. When addressing brand impersonation, accounts can be removed from platforms like Facebook and Instagram following notifications, in an average time of 41 minutes and 56 minutes, respectively.
[Figure: Takedown Response Time by Organization and Platform]
6. Deep & Dark Web Insights: Monitoring the Underworld
The analysis of 133 million messages and posts on the Deep & Dark Web provided insights into the tactics and procedures of malicious agents, playing a crucial role in preventing cyber threats. This monitoring extends to messaging apps such as Telegram, WhatsApp, and Discord, as well as deep web forums and illicit marketplaces where cybercriminals trade leaked data, compromised computer access, and illicit services.
More than 529,965 incidents were recorded on monitored Deep & Dark Web sources, concentrated in the retail/e-commerce, financial institutions, and technology services sectors.
[Figure: Most Targeted Sectors on the Deep & Dark Web in 2023]
Notably, 374,592 incidents resulted from text detections, while 155,373 incidents were attributed to audio, video, or image detections. Multimedia content analysis is increasingly vital as it unveils hidden threats and enhances overall threat visibility.
7. Artificial Intelligence: A New Frontier in Cybercrime
Artificial Intelligence (AI) tools, beneficial for software and content creation, are now being used for malicious purposes. These tools enable scammers to craft more convincing narratives and interactions, enhancing the sophistication of fraud. On the other hand, Axur is pioneering the use of generative AI in cyber defense, launching Polaris.
Polaris: AI-powered platform to automate threat management
As the core of this AI-driven platform, a specialized Large Language Model sifts through vast data pools, delivering tailored, actionable insights directly aligned with the organization’s unique attack surface. This innovative approach not only streamlines the threat intelligence process but also ensures that security teams focus on strategic responses, enhancing productivity and decision-making.
Polaris signifies a departure from the overwhelming, fragmented nature of traditional threat management by offering a cohesive and focused perspective that facilitates swift, informed actions against potential threats, dramatically reducing analysis time and enhancing organizational response capability.
The Axur Report elucidates the intricate and evolving cyber threat landscape, particularly highlighting the vulnerabilities and challenges faced in the United States. The data presented underscores an urgent need for organizations to adapt and fortify their cybersecurity frameworks in response to the growing sophistication of cyber threats.
To navigate the complexities of the current cybersecurity landscape, organizations must focus on two pivotal strategies:
1. Comprehensive Monitoring and Swift Response:
The essence of robust cybersecurity lies in the extended monitoring of digital assets and the efficiency of response mechanisms. Organizations must ensure deep surveillance of their digital ecosystem, including tracking credential sources, monitoring the proliferation of fake profiles and apps, and vigilant oversight of Deep & Dark Web activities.
This thorough monitoring must be coupled with a quick and decisive response to minimize the exposure window of potential fraud and digital risks. By identifying and addressing threats promptly, organizations can significantly mitigate the impacts of cyber incidents.
2. Harnessing AI for Threat Intelligence and Automation:
Leveraging artificial intelligence is becoming not just beneficial but essential. As manual work is no longer viable, AI-driven technologies offer unparalleled advantages in scaling and automating the detection and neutralization of cyber threats. By adopting AI-powered advanced security solutions, organizations can enhance their threat monitoring and analysis capabilities.
This not only ensures a quick and informed response to cyber incidents but also strengthens the organization’s overall defense framework. Embracing a multi-layered security approach that combines proactive prevention with reactive strategies and AI’s analytical prowess ensures a more resilient defense against the increasingly sophisticated landscape of cyber threats.
Axur is a cutting-edge External Threat Intelligence platform renowned for its end-to-end automation, top-tier takedown capabilities, and scalable intelligence. Empowering information security teams, Axur ensures safer digital experiences by detecting, inspecting, and containing threats across the external perimeter.