Cyber Threat Surge: Trend Micro Blocks 160 billion Global Incidents in 2023

Australia remains amongst top country rankings for malware detection

SYDNEY, March 11, 2024 – Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today revealed a global 10% annual increase in total threats blocked in 2023 and warned that attackers are using more advanced methods to target fewer victims with the potential for higher financial gains.

In 2023, Australia encountered nearly 176 million email threats and was among the top ten countries surveyed with the highest number of malware detections, representing 2.7% of the total global detections. Furthermore, the country has ranked eighth among countries with the highest detection of URL victims at 52 million.

Mick McCluney, Technical Director ANZ at Trend: "Globally, we're blocking more threats than ever before for our customers, and this is no different for Australia. A high detection of malicious URLs compared to other countries shows that this is becoming an effective attack vector for cyber criminals, and perhaps indicates a call for deeper employee education around phishing attacks in Australia.  Also, as our report demonstrates, network defenders must continue to proactively manage risk across the entire attack surface today. Understanding the strategies favoured by our adversaries is the foundation of effective defence."

Trend Micro blocked 161 billion global threats overall in 2023, compared to 82 billion threats five years ago. In 2023, threats blocked by email and web reputation dropped annually by 47% and 2%, respectively. Threats blocked by Trend's Mobile Application Reputation Service (-2%), Smart Home Network (-12%), and Internet of Things Reputation Service (-64%) also declined. However, there was a 35% annual increase in threats blocked under Trend's File Reputation Service (FRS).

To read a copy of the report, Calibrating Expansion: Annual Cybersecurity Threat Report, please visit: https://www.trendmicro.com/vinfo/au/security/news/threat-landscape/calibrating-expansion-2023-annual-cybersecurity-threat-report

This could indicate that threat actors are choosing their targets more carefully. Instead of launching attacks on a wider range of users and relying on victims clicking on malicious links in websites and emails, they're targeting a smaller number of higher-profile victims with more sophisticated attacks. This might enable them to bypass early detection layers like network and email filters—which could explain the surge in malicious file detections at endpoints.

Some other global trends observed in the report include:

• APT actors showed a variety and sophistication of their attacks against victims, especially around defence evasion tactics.
• Email malware detection surged by 349% year-on-year (YoY), while malicious and phishing URL detections declined by 27% YoY – again highlighting the trend for more using malicious attachments in their attacks.
• Business email compromise (BEC) detections increased 16% YoY.
• Ransomware detections dropped 14% YoY. However, once again, the increase in FRS detections may indicate that threat actors are getting better at evading primary detection via techniques such as Living-Off-The-Land Binaries and Scripts (LOLBINs/LOLBAs), Bring Your Own Vulnerable Driver (BYOVD), zero-day exploits, and AV termination.
• Linux and MacOS ransomware attacks were 8% of the overall ransomware detections.
• There was an increase in remote encryption, intermittent encryption, EDR bypass using unmonitored virtual machines (VMs), and multi-ransomware attacks where victims were hit more than once. Adversaries have recognised EDR as a formidable defence but are now utilising bypass tactics to get around this technology.
• Thailand and the US were the top two ransomware victim countries, with banking as the most affected sector.
• The top MITRE ATT&CK detections were defence evasion, command & control, initial access, persistence, and impact
• Risky cloud app access was the top risk event detected by Trend's attack surface risk management (ASRM), recorded almost 83 billion times.
• Trend's Zero Day Initiative discovered and responsibly disclosed 1914 zero-days, up 12% YoY. These included 111 Adobe Acrobat and Reader bugs. Adobe was the number one vendor for vulnerability reporting, and PDFs were the number one spam attachment type.
• Windows applications were the top 3 vulnerabilities exploited through detections from our virtual patches.
• Mimikatz (used in data harvesting) and Cobalt Strike (used in Command & Control) continued to be the preferred legitimate tools to abuse to aid criminal activity.

In light of these findings, Trend advises network defenders to:

• Work with trusted security vendors with a cybersecurity platform approach to ensure resources are not only secured but also continuously monitored for new vulnerabilities.
• Prioritise SOC efficiency by monitoring cloud applications carefully as they become more closely integrated into day-to-day operations.
• Ensure all the latest patches/upgrades are applied to operating systems and applications.
• Utilise comprehensive security protocols to safeguard against vulnerabilities, tighten configuration settings, control application access, and enhance account and device security. Look to detect ransomware attacks earlier in the attack lifecycle by shifting left in defences during initial access, lateral movement, or data exfiltration stages.

About Trend Micro

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organisations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defence techniques optimised for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organisations to simplify and secure their connected world. www.TrendMicro.com.au