
January 2024

Into the Depths of Abyss Locker

Abyss Locker is a relatively new ransomware operation believed to have launched in March 2023, when it began attacking companies. The group has since become a threat to a wide array of targets, including industrial control systems (ICS), enterprises, and public-sector organizations. This expansion is attributed to the introduction of a dedicated Linux encryptor built to target VMware ESXi virtualized environments.

Meet AZORult Stealer: High Risk, Open Source & Evolving

AZORult stealer was first discovered in 2016 and is regarded as a high-risk Trojan designed to collect private data. Over time, AZORult evolved into a free, open-source program. We found advertisements with installation instructions for the stealer on "TheJavaSea" and "Nulled", two prominent Darknet forums. AZORult remains one of the most dominant stealers and has ranked among the top five stealers worldwide over the last couple of years.

Cyberint's 2024 Threat Landscape Predictions

2023 was full of incidents, campaigns, arrests and developments in the cybersecurity world. Drawing on continued research and monitoring of threats and risks worldwide, the Cyberint Research Team forecasts how they will affect our lives in 2024. Cyberint weighed many factors in these predictions, with an emphasis on how these risks will respond to technological, political and strategic trends.

The Top Financial Organization Cyber Risks of 2024

For years, the BFSI (banking, financial services and insurance) industry has been a top target for cyberattackers. Yet, despite long-standing awareness of financial cyber risks, the problem is only getting worse as banks, insurance companies, FinTech businesses and other organizations operating in the finance sector face a growing array of threats. For example, threat actors are increasingly using financial organizations' customers as an attack vector.

Meta is down: Skynet and Other Groups Claim to Have Attacked

Update: Meta appears to be coming back online. Breaking news: three threat actor groups (Skynet, Godzilla, and Anonymous Sudan) have claimed to have attacked and shut down Facebook, Threads and Instagram. Users are being automatically logged out of Meta services and shown "session expired" messages, after which they are unable to log back in. Instagram is showing feed errors.

Are They Really Playing? Get to Know Play Ransomware

Play is a recent entrant into the ransomware scene, first identified in June 2022. In this context, "Play" refers both to the entity responsible for developing and distributing the ransomware and to the name of the ransomware executable itself. Following a pattern seen among numerous actors in this space, Play has adopted the double-extortion strategy.

Blink-and-Update: All About Rhadamanthys Stealer

Rhadamanthys, an info stealer written in C++, was first seen on August 22, 2022. The stealer is still updated and patched regularly. Version 0.5.0 shifted towards a more customizable framework that lets threat actors counter security measures and expand their reach by deploying targeted plugins, such as "Data Spy," which monitors RDP logins.

The Genesis of "Exodus Logs Market"

A fresh entrant, "Exodus," has recently emerged on the dark web, positioning itself to become one of the key players among info stealer log marketplaces. Launched in January 2024, it quickly began to draw attention on several dark web forums by mid-February, alongside established names like Russian Market and 2easy Shop.