2023 Threat Intelligence Report

What’s inside the Report

Discover the most recent edition of Rewterz's Annual Threat Intelligence Report, meticulously crafted through extensive research and data collection from our diverse Security Operations Centers (SOCs) and endpoints. Packed with enriched cybersecurity intelligence, this report is a valuable resource for organizations seeking to comprehend and fortify themselves against the evolving cyber risks of 2023, ensuring preparedness for potential threats in 2024. 

Valuable insights from Rewterz's Annual Threat Intelligence Report 2023 can empower organizations to enhance their security stance and establish a more robust protection framework. These conclusions stem from an in-depth analysis of hundreds of thousands of servers, protected endpoints, and managed Security Operations Centers (SOCs). To counter the dynamic tactics of cyber threat actors and ensure the Confidentiality, Integrity, and Availability (CIA) of organizations, our SOC teams utilize state-of-the-art threat intelligence and oversee real-time threat data through our advanced Security Orchestration Automation and Response (SOAR) platform, SIRP.

• China ranked as the world's foremost source of cyberattacks in 2023.
• Malware accounted for 94% of incidents, with Phishing and Leaked Credentials each contributing 2% of the category.
• Port 443 remained the primary target, followed by ports 500, 80, 23, 445, and 123.
• Various Exploit was the leading attack category, accounting for almost half of all recorded attacks. Firewall Dropped SYN Packet and Port Scanning were prominent attack categories.
• Information Disclosure, including Version Control, File Extension, and Common Files, accounted for approximately 87% of web application attacks.
• Ransomware became the most common malware type in 2023.
• New cyber threat called QR code phishing ("quishing") emerged in 2023.
• Manufacturing consistently most targeted, healthcare reemerging as a focal point. Financial, insurance, education, government, public, energy, and utilities sectors are highly vulnerable.
• Global surge in DDoS attacks, impacting major cloud service providers like Google Cloud, AWS, and Cloudflare. Google Cloud mitigated the largest-ever DDoS attack at 398 million requests per second in August.
• Notable ransomware groups like RA Group, 8Base, Akira, Abyss Locker, Play, and Black Basta employed double extortion tactics.
• Stealc and Ducktail with infostealer capabilities, DCRat, AsyncRAT, and RedLine Stealer were frequently observed.
• Trojan-Ransom.Wanna.UDP.C&C was a leading malware detected by Security Operations Centers.

To download a full copy of the Rewterz 2023 Threat Intelligence Report, please visit: Rewterz 2023 Threat Intelligence Report.