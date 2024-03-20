Cybercrime remains one of the most persistent challenges facing the modern business.

IT Governance reports there were 2,814 data breach incidents and more than 8-billion compromised records in 2023. Malware accounted for 40% of the security issues accounted for in the Orange Cyberdefense Security Navigator 2023; others were the result of network and application anomalies, system anomalies, account anomalies, policy violations and social engineering.

Ransomware — a type of malware — remains one of the most common threats. According to the Sophos State of Ransomware 2023 report, 27% of ransomware payments in 2023 were between $1m and $5m, and it costs companies an average of $1.82m to recover their data.

However, this form of attack is veering away from its encryption roots towards an extortion-led approach that cybercriminals are finding far more profitable and effective. Instead of encrypting the files — a process that takes time and patience to orchestrate — they are simply exfiltrating the data and holding it to ransom with the threat of selling or leaking it to the highest bidder.

It is a move that shows how good ransomware is at its job. The tools used to perpetrate ransomware attacks are increasingly sophisticated, aiming their sights at larger organisations using tools refined by artificial intelligence (AI) and investment to capture the data and extort increasingly hefty sums of money.

Ransomware-as-a-service is also playing a role in the success of this malware. Commoditised, it is being optimised to deliver a service to those who purchase and use it.

In addition, mobile malware, destructive malware, disk wipers and zero-day vulnerabilities were counted among 2023’s rising threats, with cloud third-party attacks also gaining ground.