2023 was full of cases, campaigns, arrests and developments worldwide in the cybersecurity world. Through continued research and monitoring of various threats and risks worldwide, the Cyberint Research Team forecasts how they will affect our lives in 2024. Cyberint considered many factors in our predictions for 2024 as we wanted to emphasize how these risks will react to technological, political and strategic trends.

For years, the BFSI industry has been a top target for cyberattackers. Yet, despite long-standing awareness of financial cyber risks, the problem is only getting worse as banks, insurance companies, FinTech businesses and other organizations that operate in the finance sector face a growing array of threats and risks. For example, threat actors are increasingly using financial organizations’ customers as a vector for attack.

Update: Meta appears to be coming online again. Breaking news: 3 threat actor groups (Skynet, Godzilla, and Anonymous Sudan) have claimed to attack and shut down Facebook, Threads and Instagram. Users are being automatically logged out of Meta and being shown session expired messages. Then they are unable to log back in. Instagram is showing feed errors.

Play is a recent entrant into the realm of ransomware, with its initial appearance being identified in June 2022. In this context, “Play” encompasses both the entity responsible for its development and distribution, as well as the name of the executable used for the ransomware. Following a pattern observed among numerous actors in this domain, Play has embraced the strategy of double extortion.

2023 is considered the most successful year for ransomware groups in history. One of the most common threats to organizations worldwide claimed this year 4,368 victims – a climb of over 55.5% since last year. Q2 and Q3 alone claimed more victims than the entire 2022, with 2903 victims.

Rhadamanthys, an info stealer, written in C++, was first seen on August 22, 2022. This stealer, still gets updates and patched regularly. Version 0.5.0 shifted towards a more customizable framework allowing threat actors to counter security measures and exploit vulnerabilities by deploying targeted plugins, such as ‘Data Spy,’ which monitors RDP logins.

A fresh entrant, “Exodus,” has recently emerged on the dark web scene, positioning itself to potentially become one of the key players in the info stealer logs marketplaces. Launched in January 2024, it quickly began to draw attention by mid-February on several dark web forums for its potential to become a significant player, alongside established names like Russian Market and 2easy Shop.

Monster, a novel Ransomware-as-a-Service (RaaS) built on Delphi, surfaced in March 2022 and caught the attention of the BlackBerry Incident Response (IR) team during an incident investigation. After its initial appearance, Monster’s capabilities and its ransomware partnership program were promoted on the Russian Anonymous Marketplace (RAMP) in June. The mastermind behind Monster ransomware later introduced an enhanced version named Beast Ransomware, incorporating advanced features.

According to CISA, since the latter part of 2021, the perpetrators behind Snatch Ransomware have persistently adapted their strategies, capitalizing on prevailing tendencies and the operational successes of other ransomware variants within the cybercrime arena. Snatch has cast a wide net, targeting numerous sectors critical to infrastructure, including but not limited to the Defense, Industry, Food and Agriculture, and Information Technology sectors.

The TargetCompany ransomware group, first identified in June 2021, garnered its name due to its distinctive practice of appending the names of the targeted organizations to encrypted files. Over time, the group has exhibited a dynamic evolution, frequently changing encryption algorithms, decryptor characteristics, and file name extensions.