Intel 471 released The 471 Cyber Threat Report: 2022-2023 Trends & Predictions. This research
analyzes recent and commonly used tactics, techniques and procedures (TTPs)
that have been adopted by prominent threat actors, how these threats have
affected enterprises, along with predictive intelligence assessments on threats
that organizations should be prepared to thwart over the next year.
The report details the most impactful threats that fueled
the cybercrime ecosystem over the past year and the TTPs employed by the actors
behind them. It provides recommended steps organizations should take to protect
themselves against existing and emerging threats on the horizon.
"It is important to not only draw attention to the TTPs
commonly used by the most capable threat actors but also to provide rich
context for how these TTPs can impact organizations at every stage of the cyberattack
chain, and how they can be countered by tactical defenders and senior decision
makers," said Intel 471 Chief Intelligence Officer, Michael DeBolt. "The
findings of our latest research will help arm organizations with the adversary,
credential, malware and vulnerability intelligence they need to refine their
cyber defense strategy, adjust their security practices and prepare for 2023."
Other key takeaways from the report include:
- Prominent cyber threats
observed over the past year include compromised access and data,
ransomware, return of Emotet malware and exploitation of
vulnerabilities. Many of these can be mitigated with a comprehensive
identity access password program and a patching and update policy, as well
as continuous monitoring for compromised credential breaches across third
parties.
- Evolving threats
included hacktivism, one-time password (OTP) bypass services, supply chain
attacks and information-stealer malware. It is crucial to foster
a culture of cybersecurity awareness to combat the employee negligence
associated with both OTP bypass services and information-stealer malware.
- The threat landscape
will continue to be shaped by an increase in ransomware attacks and a
demand for network access; threat actors will persist in capitalizing on
security vulnerabilities, and hacktivism will likely remain a threat.
Intel 471 also identified a number of cyber threat trends
that will likely dominate the landscape in 2023 and beyond:
- As prominent
ransomware groups such as LockBit continue to offer evolving products with
targeted services, vulnerabilities have reduced in quantity whilst
increasing in severity. In fact, last year several vulnerabilities
accounted for some of the biggest threats faced by organizations.
- World events have
further complicated the threat landscape, with Russia's invasion
of Ukraine acting as a catalyst for further polarization of the
underground. The most prolific threat to date has been KillNet, a
pro-Russian group that gained notoriety by orchestrating
distributed denial-of-service (DDoS) attacks against pro-NATO countries
and organizations.
- Threat actors monetized
criminal services to great success in 2022. Multi-factor authentication
(MFA) is a common security practice, and threat actors are turning
to OTP bypass services to circumvent this layer of security. This
area of the underground ecosystem will likely grow as demand increases for
these services in the future.
- The use of
information-stealers will continue into 2023; since the beginning of
2022, there has been a substantial uptick in offerings when compared to the
same period of 2021.
"With the constant evolution throughout the cyber
threat landscape and resilience that threat actors continue to display, organizations
need insights based on research and intelligence surrounding the most prominent
threat actors to understand their activities and to stay ahead of the next
attack," DeBolt added. "Just as threat actors and groups are adjusting their
methods to remain resilient against new and emerging security measures,
organizations should be staying abreast of key TTPs employed by adversaries and
adjusting their security systems based on that intelligence to tackle new and
refined ways of being compromised."
The report also includes case studies on LockBit 2.0, the
most impactful ransomware strain observed by Intel 471 from November 2021
through May 2022, and the release of version 3.0, which is shaping up to be
just as impactful as 2.0, as well as on the 2022 Russian invasion of Ukraine
and subsequent appearance of pro-Russian hacktivist groups.
To help organizations protect themselves from threat actors
and their continuously evolving TTPs, The 471 Cyber Threat Report includes
a series of mitigation recommendations to help organizations and their security
teams harden their security practices, detect potential threats, and isolate
their sensitive information to avoid falling victim to new ransomware strains
and malware.
You can download the full report here.