Trend Micro Incorporated, a global cybersecurity leader, has revealed that it blocked around 18 million email threats, almost two million malicious Uniform Resource Locators (URLs) and over four million malicious mobile apps targeted at Nigerian businesses and consumers between January and December 2023.
This comes as threat actors move away from big-batch attacks to focus on a narrower range of more lucrative targets.
These new patterns in the cybercrime landscape are highlighted in the Trend Micro 2023 Annual Cybersecurity Report, which presents highlights from the company’s telemetry covering the broadest attack surface view across millions of commercial and consumer clients.
“Our latest data shows that threat actors are fine-tuning their operations, shifting away from large-scale attacks and instead focusing on a smaller range of targets but with higher victim profiles for maximum gain with minimum effort.
“As they continue to double down on tried and tested techniques, they are also delegating and streamlining operations, resulting in bolder, more effective strikes,” Mr Gareth Redelinghuys, Country Managing Director, African Cluster at Trend Micro, said.
Though thousands of ransomware attacks were blocked by Trend Micro in Nigeria in 2023, year-on-year research shows that ransomware groups are working smarter instead of harder, prioritising high-value targets over volume.
There has been a general downward trend in ransomware detections, with worldwide detections from 2021 to 2023 averaging less than half of the recorded detections in 2020. However, this should not be misconstrued as a cue for security operations centres and decision-makers to lower their guard.
Historically, ransomware attacks were launched in “bulk”, for example through spam campaigns with malicious links, but attacks that focus on quantity can more easily be blocked.
A continued increase in Trojan FRS threat detections globally could suggest that attackers are using more effective ways to evade preliminary detection by focusing on arrival and defense evasion techniques.
Examples of this include living-off-the-land binaries and scripts. Because these computer files are non-malicious in nature and local to the operating system, they can be used by threat actors to camouflage their attacks.
Last year, several ransomware families across the world were also observed maximising remote and intermittent encryption, as well as abusing unmonitored virtual machines to bypass endpoint detection and response. Because intermittent encryption touches less of each file's content, for example, there is less chance of triggering detection.
Gangs are also launching bolder attacks: prolific groups were some of the most active in 2023. Clop exploited major vulnerabilities, and BlackCat launched a new variant while also making its extortion public, leveraging the U.S. Securities and Exchange Commission’s four-day disclosure requirement to incentivise its victim to communicate with the group more quickly.
This trend towards threat actors opting for quality over quantity is equally present in the patterns observed around email threats. Though email threat detections in Nigeria decreased from more than 45 million in 2021 to 18 million in 2023, the increase in malware detection count over the same period suggests a shift in the threat landscape that finds attackers making use of more sophisticated ways to avoid detection.
Trend Micro’s data also shows a slight decrease in malicious URL detection in Nigeria from 2021 to 2023, indicating that instead of focusing on malicious links to randomly victimise users, criminals are using more targeted operations, such as BEC schemes, where emails are less likely to undergo scrutiny because of how legitimate they look.