2023 was a rampant year for threat actors, as the maturation of ransomware as a service (RaaS) and the emergence of AI-enabled cybercrime tools (WormGPT and FraudGPT), these key factors made it easier for threat actors to acquire or develop cyber weapons. By observing the cyber incidents of 2023, we conducted an analysis of attack trends of 2023. This includes an overview of Ransomware as an Services’ (RaaS) attack trends and tactics in 2023, rising problems from supply chain compromises, and the global impact of country-level threat organization activities.

Ransomware crime syndicates are targeting enterprises for extortion, leaving everyone vulnerable. Ransom incidents have become routine, so how can we detect signs before significant harm is done? There are always precursors before ransomware truly impacts a company. This session will lead us from a blue team perspective to identify the signs of ransomware attacks. By recognizing these indicators early, we can mitigate the damage before it becomes severe.

Over the past decade, Taiwan has experienced a peak period of ransomware attacks. Just when we thought the number of such attacks would begin to decrease gradually, we have found that ransomware attacks based on "Linux" are gradually increasing! This session will use actual hacking cases to introduce how hackers attack Linux and Esxi systems to carry out large-scale ransomware attacks, while also discussing how to defend against such attacks.