With the year ending with ransomware attacks, and 2023 beginning with a major data theft against T-Mobile, leaders are preparing for squalls ahead.
It was a mixed year for cybersecurity in 2022 that ended with some troubling trends, with an acknowledgement at the World Economic Forum that 2023 could see major new attacks.
Monitoring threat surfaces takes time, energy and vigilance, because malicious actors are doing likewise. Every potential vector, whether sideloading, credential theft, malware injection, trojan attacks or other exploits, needs someone watching it. Censys, which sponsored this post, makes web intelligence their area of total focus, with comprehensive daily Internet scanning delivering best-in-class visibility to threat hunters, attack surface managers, and other security professionals.
Indeed, while the ransomware curve seemed to be heading down last year, NCC Group reported that December saw a rapid increase in ransomware attacks, particularly from threat group BlackCat. The group increased their attacks 100% from 15 attacks in November to 30 in December, the highest number of attacks the criminal group has undertaken in a single month.
Earlier this month, security group Cloudflare reported a 79% increase in DDoS attacks in the fourth quarter of 2022, with over 16% of respondents to their survey saying they had received a threat or ransom demand in concert with DDoS attacks.
A just-released WEF report, Global Cybersecurity Outlook 2023, found that business leaders are “far more aware” of the cyber threat than the year prior. About 93% of cybersecurity respondents predicted a far-reaching and catastrophic cyber event within 24 months.
The report said that:
Respondents to the WEF survey who reported successful changes in their cybersecurity strategy cited organizational structures that supported interaction among cyber leaders, business leaders across functions and boards of directors toward collaboration on digital resilience across business activities.
During an interview at Davos, Sadie Creese, professor of cybersecurity at the University of Oxford, gave a shout-out to cyber resilience.
“There is no such thing as 100% security,” she said. “It’s about resilience in the face of insecurity.”
Detection is one half of resilience. Censys, a leading internet intelligence platform for threat hunting and exposure management, performs daily scans of 101 protocols across the top 3,500+ ports on a key internet protocol, IPv4, and its top 100 ports to give best-in-class visibility to threat hunters, attack surface managers, and other security professionals.
In the survey, 95% of business executives and 93% of cyber executives — with that latter figure up from 75% in 2022 — agreed that cyber resilience is integrated into their organization’s enterprise risk-management strategies.
In its review of year-end cyber events, NCC Group found:
NCC Group expects LockBit 3.0 to remain at the top spot for the foreseeable future after seeing the group fall to third place in November. Its most targeted sectors remain largely similar to those of previous months with little deviation — industrials (30%), consumer cyclicals (14%) and technology (11%).
Meanwhile, BianLian, with victims in the education, technology and real estate sectors, has taken to releasing victim names in stages, using asterisks or question marks to censor them. NCC Group opined that this screw-tightening tactic aims to prompt organizations into payment. They said they have noticed two other hacker groups using this approach.
NCC Group reports a family resemblance between Play, Hive and Nokoyawa ransomware variants: File names and file paths of their respective tools and payloads are similar.
“Although December saw some stability in the volume of ransomware attacks, this was a deviation from what we normally observe,” said Matt Hull, global head of threat intelligence at NCC Group. “Over the seasonal period, we’ve come to expect a downturn in the volume of attacks, as demonstrated by the 37% decrease at the same time last year.”
A research team at cybersecurity firm Uptycs reported that they discovered a campaign involving malware called Titan Stealer, which is being marketed and sold through a Telegram channel. The group said the malware can exfiltrate credential data from browsers and crypto wallets, FTP client details, screenshots, system information and grabbed files.
The builder tool for the malware has a UX that lets attackers specify information to steal and file types to extract from the victim’s machine.
Because ransomware and DDoS variants, worms, viruses and other exploits are trending generally higher, with much of the activity automated and programmatic, companies should do security risk assessments at least annually. Consider using a checklist, such as the xlsx file from TechRepublic Premium.
Censys’ highly structured data enables threat hunters to identify unique characteristics of attacker-controlled infrastructure and easily locate hosts. Last year, for example, Censys found a ransomware command and control network capable of launching attacks, including one host located in the U.S.