Intelligent CISO Issue 72 | Page 7


CISO news

Group-IB reveals surge in ransomware against backdrop of growing AI threats

Group-IB has launched its new report Hi-Tech Crime Trends 2023/2024, the latest edition of the company's annual round-up of the most pressing global cyberthreats to organisations and individuals.

In the research, Group-IB analysts reveal how the unholy alliance between ransomware groups and Initial Access Brokers (IABs) is still the powerful engine for the cybercriminal industry, evidenced by the 74% year-on-year increase in the number of companies that had their data uploaded on dedicated leak sites (DLS).
Global threat actors also demonstrated increased interest in Apple platforms, exemplified by the fivefold increase in underground sales related to macOS information stealers.
The growing appetite of nation-state sponsored threat actors, also known as advanced persistent threat (APT) groups, has shown that no region is immune to cyberthreats. Group-IB experts discovered a 70% increase in the number of public posts offering zero-day exploits for sale, and also identified cybercriminals' malicious use of legitimate services and AI-infused technologies as the main cyber-risks for 2024.
The first edition of Hi-Tech Crime Trends was launched 12 years ago, and the information contained in the report enables businesses, NGOs, governments and law enforcement agencies to fight cybercrime and help potential victims.
For the first time, the report includes a section on the intricate relationship between AI and cybersecurity threats, outlining how this new technology is being leveraged by cybercriminals.

New Synopsys report finds 74% of codebases contained open-source vulnerabilities

Synopsys has released the ninth edition of the annual Open Source Security and Risk Analysis (OSSRA) report.
The research highlights that nearly three-quarters of commercial codebases assessed for risk contain open-source components impacted by high-risk vulnerabilities, representing a sharp uptick from the previous year.
In the 2024 OSSRA report, the Synopsys Cybersecurity Research Center (CyRC) analyses anonymised findings from more than 1,000 commercial codebase audits across 17 industries.
The report provides security, development and legal teams with a comprehensive view of the open-source landscape, including trends in the adoption and use of open-source software as well as the prevalence of security vulnerabilities, and software licensing and code quality risks.
While codebases containing at least one open-source vulnerability remained consistent year over year at 84%, significantly more codebases contained high-risk vulnerabilities in 2023.
This can potentially be attributed to variables like economic instability and the consequent layoffs of tech workers, reducing the number of resources available to patch vulnerabilities.
According to the data, the percentage of codebases with high-risk open-source vulnerabilities – those that have been actively exploited, have documented proof-of-concept exploits or are classified as remote code execution vulnerabilities – increased from 48% in 2022 to 74% in 2023.
"This year's OSSRA report indicates an alarming rise in high-risk open-source vulnerabilities across a variety of critical industries, leaving them at risk for exploitation by cybercriminals," said Jason Schmitt, General Manager, Synopsys Software Integrity Group.