DirectDefense’s 2022 Threat Report and 2023 Trends

November 1, 2023

DirectDefense’s 2022 Threat Report & 2023 Trends: Insights into evolving cybersecurity challenges and future security trends. DirectDefense provides enterprise risk assessments, 24/7 managed services, penetration testing and ICS/SCADA security services. Headquartered in Englewood, CO, with locations across the United States, the company implements best-practice security programs that elevate their clients’ security posture to a new level of protection and resilience.

In 2022, they experienced a significant increase in the number of attacks against their clients. Here are the top threats they faced last year and what’s trending for 2023.

Ransomware

A resurgence in cyberattacks has put ransomware back in the spotlight, but the good news is that years of fighting this threat on multiple fronts appears to be having an effect. According to Chainalysis, ransomware payments declined significantly in 2022. This drop can be attributed to several factors including improved cybersecurity awareness, turmoil in cryptocurrency markets, and victims heeding law enforcement pleas to not pay.

Security specialists are also watching for a change in ransomware attack strategies. For example, attackers are increasingly using ransomware as a service (RaaS), which provides all of the code and operational infrastructure needed to launch an attack. This is a big departure from the days when attackers used to write their own malicious code and run their attacks with a unique set of infrastructure.

Additionally, security experts are noticing that attackers are becoming more selective about what industries and organizations they target. For example, COVID-19 prompted many ransomware groups to shift their attacks against healthcare systems that were under significant strain during the pandemic. Other global events, such as wars and conflicts, can also shift the focus of a ransomware gang.

While the days of a simple system lockdown and data encryption are over, ransomware attacks are still a top threat for businesses. Attackers are increasingly demanding multi-million dollar payouts, publicly shaming victims on leak sites, and blackmailing consumers in double- or triple-extortion schemes.

In addition, critical infrastructure organizations continue to be a top target for attackers. According to the 2022 Cost of a Data Breach Report from IBM, these organizations are 23% more likely to suffer a data breach than other industries. They lag behind their peers in implementing a zero trust strategy and security technologies, and are more susceptible to attacks that leverage stolen credentials and remote access capabilities.

Some of the most notable attacks in 2022 against critical infrastructure included a ransomware attack on Sinclair Broadcast Group, which crippled its broadcast operations; an attack linked to the HIVE malware that hit the Costa Rican social security fund; and an attack on the Ukrainian railway system. For these reasons, companies should continue to invest in security technology and implement a comprehensive risk management framework that includes threat intelligence, third-party vendor risk assessment, and automated vulnerability scanning to protect against ransomware attacks.

Application Process Analysis

The use of AI is a growing trend in cybersecurity, and it’s no wonder. AI can help to detect anomalous patterns and behavior that human analysts may miss. This helps to keep threats at bay, and it allows businesses to respond quickly if an attack does occur.

In 2023, businesses need to make sure they are evaluating AI-powered security solutions that can provide the advanced monitoring, threat detection, and rapid response capabilities that will keep them secure from today’s cybercriminals. It’s also important to remember that the threat landscape is constantly changing. Cybercriminals are always finding new ways to circumvent existing security tools and exploit weaknesses in the software they target.

A number of security services companies are taking a proactive approach to securing data and applications with zero trust network access (ZTNA). The idea behind this type of security is that it prevents attacks by allowing only authorized users to gain access to the network, which is then continually checked, assessed, and verified using a variety of authentication methods.

This security model is gaining popularity in the US government sector, where defense contractors need to demonstrate compliance with the Cybersecurity Maturity Model Certification (CMMC) and other laws, standards, and best practices. In the case of mission-critical industries, such as those that provide military and civilian infrastructure, implementing a full-lifecycle hardware and software development service with performance defense will be critical to ensure their security.

Drive-by compromise remains the most common malware delivery method, and this is a challenge for all organizations. To combat this, businesses need to install intrusion prevention systems (IPS) technology that can filter out malicious code and block attacks from launching on the system. In addition, ongoing employee training is essential for preventing cyberattacks.

Bad actors often recycle old attack methods that have proven successful in the past, reimagining them and refining them to sidestep detection by security tools. This is why it is not uncommon to see a familiar name pop up in botnet and malware lists. Examples of this include the resurgence of the GRU’s Fancy Bear and SVR’s Cozy Bear, as well as hacktivist auxiliaries like XakNet and KillNet.

Phishing

In a world that increasingly relies on digital communication, cybercriminals have turned to phishing attacks. In these attacks, attackers send deceptive messages to trick a victim into providing sensitive information or launching malware on their system. Phishing can occur through email, text messaging (smishing), and even phone calls (vishing).

One of the more significant developments in phishing is the use of machine learning to study a victim’s behavior online. This allows attackers to create more sophisticated phishing emails that are more likely to succeed.

Another trend in phishing is geo-targeting. This is where attackers craft their phishing emails by including local data such as addresses, banks, or other information to make the attack more believable. This is more effective than traditional phishing where the attacker uses generic or fake names.

As phishing becomes more sophisticated, attackers are impersonating executives and other official vendors. This is especially true since the COVID-19 pandemic caused a major uptick in work-from-home assignments for employees. This, combined with poor cybersecurity and personal devices with access to corporate networks, has given attackers an edge in targeting these at-home workers.

A phishing email can be incredibly convincing, especially when it is targeting a high-value target. For example, in 2008, hackers posed as corporate CEOs to gain access to sensitive information such as passwords by sending email notifications that appeared to be FBI subpoenas to CEOs. The attackers then used these credentials to download keyloggers that could gather further details from the CEO’s computer.

Attackers can also target specific industries. For example, a phishing campaign may be crafted to target a construction company or finance industry. This allows attackers to focus on a niche and increase the chance of successfully gaining critical information.

The threat of phishing is unlikely to diminish, and anyone who uses email or other forms of digital communication is at risk. It is important to implement best-practice security programs that elevate your organization’s security posture. These programs will help your organization mitigate the effects of phishing, as well as other emerging threats that are on the rise.

Ammar Fakhruddin

ABOUT AUTHOR

Ammar brings in 18 years of experience in strategic solutions and product development in Public Sector, Oil & Gas and Healthcare organizations. He loves solving complex real world business and data problems by bringing in leading-edge solutions that are cost effective, improve customer and employee experience. At Propelex he focuses on helping businesses achieve digital excellence using Smart Data & Cybersecurity solutions.
