The phenomenon of “0-day” attacks that exploit vulnerabilities or design errors in software is growing. This was underlined by the 2024 Cybersecurity Annual Report Yoroi (Tinexta Group). In fact, according to the survey, 58% of successful (malware) attacks in 2023 can be traced back to this type of attack. There is no one against it yet defence note and a certain time to resolve the problem.
Attention and commitment in defense strategies
Fabrizio Vacca, Chief Operating Officer of Tinexta Cyber
This data suggests that cybercriminals rely on the element of surprise. As well as the use of new tools to overcome defenses and carry out their malicious operations. The worrying and increasing phenomenon of “0-day” attacks requires continuous attention and commitment in adopting cutting-edge and timely defense strategies.In 2024, we expect an increase in cyber attacks targeting the software, hardware and services businesses use to protect themselves. The attacks they will come even by less experienced hackers with the growth of Ransomware-as-a-service (RaaS). This is a business model in which savvy gangs sell their ransomware code to other hackers who use it, increasingly fueling the cybercrime market. As a result, companies will increase investments in technologies and solutions to protect themselves, in accordance with the European NIS2 directive, aimed at strengthening the general level of cybersecurity in the EU.
Artificial Intelligence will play a fundamental role in automating the response to cyber incidents and improving the ability to identify and prevent threats. Our motto “Defense belongs to humans” always places IT defense at the center of human responsibilities, also using AI as a defense weapon to protect our institutions, businesses and citizens.
“0-day” attacks are on the rise. What the 2023 data say
21% of detected malware has a interval of detection between zero and 15 days, underlining the crucial importance of adopting anticipatory defense approaches. The main cybersecurity threats are Infostealer attacks (26%) which operate as “digital thieves” by stealing information such as usernames, passwords and other personal data. This is followed by Trojans (20%), hidden viruses that, once installed on a computer, allow hackers to take over check of the system. Therefore access the user’s data without them realizing it.
Be careful with PDF attachments
Cyber criminals’ favorite means of spreading malware is email, and attached file formats play a crucial role in reaching victims. Yoroi’s report reveals that the most used format is PDF, making up 23% of infected attachments. The attackers did they exploit to trick users into opening the malware through links in PDF documents, requiring their active participation. Compressed files follow, especially ZIP (22%), which, being encrypted with a password, are recognized as safe and evade security checks. The objects The most common infected or deceptive email messages include the terms “remittance of checks and invoices” (21%), “receipts and payment reminders” (14%), and “orders and transactions” (5%). All communications have an economic and urgent nature to deceive and spread malware.
The vulnerability of PEC to IT attacks
Certified Email is also below attack. Yoroi has detected an increase in cyber attacks via PEC, a vital communication channel for public bodies, companies and citizens. In fact, it guarantees a legal validity comparable to that of a registered letter with return receipt. Despite its security protocols, PEC is vulnerable to cyber attacks. Yoroi’s monitoring of over 50 million PEC emails in 2023 revealed that attackers, through phishing, try to obtain sensitive information by posing as trustworthy entities. These attacks use deceptive PEC emails and web pages graphically similar to the legitimate ones.
2023 data: “0-day” attacks and hacker activism are growing
War is also cyber. L’hacktivism, that is, hacker cyber activism has emerged with Covid as a dynamic and global force. A phenomenon fueled by the use of tools and techniques to promote social or political causes, both in support of and in opposition to authorities and institutions. Yoroi has been monitoring it for 4 years, noting that the Russian-Ukrainian conflict has accelerated. Thus highlighting the centrality of telecommunications and the potential impact of hacktivist actions on global cybersecurity and geopolitics. Yoroi noted the hacktivist groups that have arisen to actively support the policies of Russia and its allies.
The threat of the “Five Families”
Another phenomenon of global interest is the formation of the “Five Families”, an unprecedented alliance of anarchist groups in the contemporary hacker scene. This grouping, made up of BlackForums, Threatsec, GhostSec, Stormous and Sieged, promotes unity and collaboration within the community underground of the Internet. Their mission is to facilitate the growth and development of hacker operations, placing particular emphasis on sharing of knowledge and resources.