
The latest industry intelligence findings show that 2023 saw an increase in sophisticated attacks on networking devices, particularly by state-sponsored actors with espionage objectives, to facilitate stealthy operations. The report notes that the actors exploited network vulnerabilities and weak access credentials, with three of the five most targeted device vulnerabilities being critical or severe.


Healthcare Under Threat in 2023

The findings also observed that ransomware and pre-ransomware incidents affected customers at a steady rate, indicating that the healthcare sector is the most vulnerable. Despite efforts to enhance cybersecurity measures, healthcare organizations remain prime targets for cybercriminals due to their critical role in society, coupled with funding constraints and low tolerance for downtime. As a result, the healthcare sector faces ongoing challenges in defending against ransomware attacks and safeguarding sensitive patient data. In the face of escalating global conflicts and evolving threat landscapes, ransomware, commodity loaders, and APTs emerged as dominant threats in 2023.

The report noted that LockBit, a ransomware specialist, remained dominant in the ransomware landscape, with affiliates accounting for more than 25% of the total number of victim posts on data leak sites across some 40 ransomware groups monitored by the agency. Moreover, the emergence of pure extortion tactics among ransomware actors and the continued use of commodity loaders underscore the adaptability and persistence of cyber adversaries. Ransomware developers such as LockBit, also known as ransomware-as-a-service (RaaS) operators, develop and maintain ransomware tools and infrastructure and sell them as a service, in RaaS kits, to other hackers, called RaaS affiliates.

2023 Telemetry Trends

Geopolitical instability also played a pivotal role in shaping cyber threats, with telemetry data indicating a rise in suspicious network traffic during major geopolitical events. Chinese APT groups exhibited a greater willingness to engage in destructive operations amid strained international relations, particularly targeting telecommunications organizations in strategically important regions. Meanwhile, Russian APTs accelerated their targeting of Ukraine, although overall activity did not fully reflect their extensive cyber capabilities, potentially due to enhanced defense measures.


Common file extensions such as Word documents and PDFs were abused and well-known brands were spoofed, highlighting the use of social engineering in operations like phishing and business email compromise (BEC). BEC is a scam in which cybercriminals send emails to targets that appear to come from a known source making a legitimate request. The goal is to prompt the target to make unauthorized money transfers to the threat actor.

The report indicates that adversaries have adapted to Microsoft's move to disable macros in 2022 by resorting to alternative file types to conceal their malware. Notably, PDFs emerged as the most commonly blocked file extension this year, suggesting a shift in tactics towards exploiting different formats to evade detection.
