Study of past cyber attacks can improve organizations’ defense strategies

Ransomware operators have been increasingly launching frequent attacks, demanding higher ransoms, and publicly exposing victims, leading to the emergence of an ecosystem that involves access brokers, ransomware service providers, insurance providers, and ransom negotiators, according to Deepwatch.

Evolving threats

• The war between Ukraine and Russia unleashed a flurry of amateur and state-sponsored attacks and breaches on organizations and critical infrastructure.
• A record 26,448 software security flaws were reported by CISA, with the number of critical vulnerabilities (CVEs) up 59% from 2021, a total of 4,135.
• Information stealing malware, active exploitation of internet-facing vulnerabilities, and infected open-source code present new threats requiring increased vigilance.

“In 2022, Security Operations teams were forced to contend with the dual sided challenge of a rapidly expanding attack surface and increasingly complex threats,” said Jerrod Barton, Senior Director of ATI at Deepwatch.

“As move forward in 2023, data extortion and attacks of opportunity will continue to evolve, employing different extortion tactics and techniques to force victims to pay the ransom. With threats evolving quickly, security organizations must operationalize threat intelligence by gathering data from every possible source, then effectively processing, correlating, and incorporating that information into day to day security operations to reduce risk,” Barton continued.

Cybercriminals read OSINT reports

Just as criminals in the physical world are known to insert themselves into criminal investigations, cybercriminals read publicly available Open Source Intelligence (OSINT) and analyst reports.

Whether this is to learn what security researchers are reporting about them, a new technique, or discover the technical details of a new vulnerability, we expect this trend to continue in 2023.

A downside of this trend is that researchers may only publish some known details or refrain from making assessments for fear of being wrong and save the essential elements for private distribution, which reduces the overall value of the intelligence the cybersecurity community can gain from open-source reporting.

Information stealing malware on the rise

As cybercriminals look for new ways to access sensitive information for financial gain, information-stealing malware will continue to grow in popularity in 2023. As the amount of personal and financial data stored and transmitted online increases, cybercriminals will have more opportunities to steal this information.

In addition, as more businesses and individuals work remotely and use devices to access sensitive internet-facing systems, the attack surface increases, giving cybercriminals more attack vectors.

As a result, we expect a continued increase in the development and use of information-stealing malware for cybercriminals to steal sensitive information and sell it on cybercriminal marketplaces.

Source code repositories will continue to be targeted

Source code repositories contain an organization’s proprietary and valuable intellectual property and may collect sensitive information such as credentials and access keys. Additionally, many organizations use these platforms to collaborate and share code, increasing the attack surface.

As the remote work trend has accelerated, many companies rely more heavily on cloud-based platforms such as GitHub for their development and deployment needs. These factors make source code repositories an attractive target for cybercriminals, and organizations must be vigilant to protect themselves.

Vulnerability exploitation will remain the top access vector

With the increasing complexity of software systems and the growing number of devices connected to the internet, the attack surface for cybercriminals continues to expand. As more sensitive information is stored and processed online, the incentives for attackers to find and exploit vulnerabilities in software systems will continue to grow.

Furthermore, many companies and organizations do not have sound vulnerability management programs to identify and fix vulnerabilities in their software systems, making them attractive targets for cybercriminals, highlighting the need for a vulnerability management service to identify and prioritize vulnerabilities to protect against these threats.