Back to the Future: How the threats of 2022 are informing the security of 2023
By Candid Wüest, VP of Acronis Research

In 2022, the world continued to experience numerous ransomware attacks across a myriad of industries. From supply chains to school districts to video game companies, cyber criminals have continued to expand their victim pool, and are showing no signs of slowing down anytime soon.

A recent report puts the average cost of a data breach at more than $5 million per incident in 2023, which drives home the need to implement better security controls sooner rather than later. As teams kick off the new year, it remains crucial for them to understand the past in order to create a better future.

2022 Rewind

Looking back at the second half of 2022, the number of new crime syndicates and the overall volume of attacks declined, but this does not mean that the remaining gangs were struggling; they were concentrating their efforts. A common approach last year was for an established gang to rebrand under a new name, taking most of the team along, in an attempt to reduce law enforcement attention. This was the case for groups like Egregor, REvil, BlackMatter and DoppelPaymer.

Several ransomware groups dominated the market towards the end of the year, including LockBit, Hive, BlackCat and Black Basta. The same report highlighted that these groups, among others, were adding between 200 and 300 new victims per month to the global list of compromised organizations. These threat actors also continued to target the government, healthcare and education sectors.

In addition to consistently claiming new victims, the attack patterns of these major groups shifted over the second half of the year. For example, BlackCat has used a triple-extortion approach that combines file encryption with data exfiltration and DDoS attacks, hitting a victim with several forms of pressure at once if the organization does not pay the ransom. Tactically, phishing and malware remain two of the most common threats facing organizations. Some of the major players in the ransomware space have also expanded their attacks beyond Windows to macOS and Linux. As more organizations move to the cloud, we can deduce that cloud environments will become an area of focus for these gangs in 2023 and beyond.

The changes in how ransomware gangs choose their victims, paired with their diverse infiltration tactics, make mitigating the risk of these attacks even more challenging for security teams. With new attack approaches arising almost weekly, security teams must think creatively about their own weaknesses in order to protect their organizations from emerging threats. Tactics we may see more of in 2023 include a heightened focus on uninstalling security tools, deleting backups and disabling disaster recovery mechanisms wherever possible, especially as organizations roll out new technology and shift to the cloud. In short: attackers use the software already installed on the victim's systems to carry out the attack, then disable everything that could stop or undo it. New technologies such as ChatGPT can also help cybercriminals streamline their attacks even further.
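The backup deletion and recovery tampering described above leaves traces in process-creation telemetry, and a detector for it is a concrete check worth having. The following is an added example written for this article, not code from the author or from Acronis: it scans constructed process-creation events for the commonly documented Windows commands that delete shadow copies, delete the backup catalog or disable automatic startup repair, and escalates a host only when several distinct rules fire. The event format, host names, sample events and thresholds are all assumptions chosen for illustration.

```python
"""Flag process-creation events that delete backups or disable recovery.

Added example for this article; it is not code from the author or from
Acronis. The event format, host names and sample events are constructed
for illustration. The command-line patterns are the commonly documented
Windows ones for shadow copy deletion, backup catalog deletion and
disabling of automatic startup repair; extend them for your environment.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# (rule name, compiled pattern) pairs. Case-insensitive because attackers
# vary casing and the ".exe" suffix freely.
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("shadow_copy_deletion",
     re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("backup_catalog_deletion",
     re.compile(r"\bwbadmin(\.exe)?\s+delete\s+catalog\b", re.I)),
    ("recovery_disabled",
     re.compile(r"\bbcdedit(\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no\b", re.I)),
]


@dataclass(frozen=True)
class Hit:
    timestamp: str
    host: str
    parent: str
    rule: str
    cmdline: str


# Constructed sample events: (timestamp, host, parent process, command line).
SAMPLE_EVENTS = [
    ("2023-01-10T03:10:00Z", "srv-file01", "services.exe",
     "vssadmin.exe list shadows"),                      # benign: read-only
    ("2023-01-10T03:12:01Z", "srv-file01", "powershell.exe",
     "vssadmin.exe Delete Shadows /All /Quiet"),
    ("2023-01-10T03:12:03Z", "srv-file01", "cmd.exe",
     "wmic shadowcopy delete"),
    ("2023-01-10T03:12:05Z", "srv-file01", "cmd.exe",
     "bcdedit /set {default} recoveryenabled No"),
    ("2023-01-10T03:12:07Z", "srv-file01", "cmd.exe",
     "wbadmin delete catalog -quiet"),
    ("2023-01-10T09:00:00Z", "ws-bob", "explorer.exe",
     "notepad.exe C:\\Users\\bob\\notes.txt"),          # benign noise
]


def scan_events(events):
    """Return one Hit per (event, rule) match, in event order."""
    hits = []
    for ts, host, parent, cmdline in events:
        for rule, pattern in RULES:
            if pattern.search(cmdline):
                hits.append(Hit(ts, host, parent, rule, cmdline))
    return hits


def hosts_inhibiting_recovery(hits, min_distinct_rules=2):
    """Hosts where several distinct rules fired. A single command may be
    legitimate admin maintenance; a cluster of them rarely is."""
    rules_by_host = defaultdict(set)
    for h in hits:
        rules_by_host[h.host].add(h.rule)
    return {host for host, rules in rules_by_host.items()
            if len(rules) >= min_distinct_rules}


if __name__ == "__main__":
    found = scan_events(SAMPLE_EVENTS)
    for h in found:
        print(f"{h.timestamp} {h.host} [{h.rule}] {h.parent} -> {h.cmdline}")
    print("escalate:", sorted(hosts_inhibiting_recovery(found)))
```

On the sample data the read-only `vssadmin list shadows` and the notepad launch produce no hits, the four destructive commands do, and only `srv-file01` is escalated. In practice the parent process (a script interpreter or an unfamiliar binary rather than a backup agent) is a useful secondary signal, and the same approach extends to the uninstalling of security tools by adding rules for your own agents' uninstall or service-stop commands.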

New Technology Means New Threats

As we've learned time and time again, new technology brings about new complexity and vulnerabilities. Innovation is at the heart of the technology industry, and oftentimes we see the security associated with it fall short. As new devices and software become available, security teams are working tirelessly to map a strategy for protecting and integrating them - meanwhile, ransomware groups are looking for a way in.

This leaves teams in a bind, caught between the pressure to roll out the new platforms, systems or tools that users need and the knowledge that every new deployment is an opening an attacker will look for. To combat this, organizations must avoid getting blinded by the perpetual race to innovate and ensure their security teams test and integrate new technology properly. It is also crucial to prioritize the most important tools first and vet each new tool before adoption.

MFA (multi-factor authentication) fatigue is a good example of how a tool designed to bolster security has been turned against organizations by exploiting the weakest link: the human element. Ransomware groups have adapted to the weaknesses of push-based MFA, for example by spamming a user with dozens of approval prompts until they approve one simply to make the notifications stop. Tactics like MFA fatigue remain a popular choice among cybercriminals who aim to exfiltrate and leak sensitive information to extort funds in ransomware attacks, and some will reuse the same data later to fuel additional attacks.
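The push-spam pattern above is visible in identity provider logs before the victim gives in, so it can be detected rather than only trained against. The following is an added example written for this article, not code from the author or from Acronis: it reads constructed authentication log lines, finds each user's densest window of push prompts, and marks a finding as a probable compromise when an approval follows the storm. The log format (timestamp, user, event name), the event names `push_sent`, `push_denied` and `push_approved`, and the threshold and window size are assumptions; map them to what your identity provider actually emits.

```python
"""Detect MFA push fatigue (push bombing) in authentication logs.

Added example for this article; it is not code from the author or from
Acronis. The log format, event names and thresholds are assumptions chosen
for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

PROMPT_THRESHOLD = 5             # assumption: 5+ pushes in one window is abnormal
WINDOW = timedelta(minutes=10)   # assumption: sliding window size


@dataclass
class Finding:
    user: str
    prompts: int                 # pushes in the densest window
    first: datetime
    last: datetime
    approved_after_storm: bool   # user gave in: treat as probable compromise


# Constructed sample log: alice is bombed and finally approves, bob logs in
# normally twice, carol is bombed but never approves.
SAMPLE_LOG = """\
2023-01-10T08:01:00Z alice push_sent
2023-01-10T08:01:20Z alice push_denied
2023-01-10T08:01:40Z alice push_sent
2023-01-10T08:02:00Z alice push_denied
2023-01-10T08:02:15Z alice push_sent
2023-01-10T08:02:30Z alice push_denied
2023-01-10T08:02:50Z alice push_sent
2023-01-10T08:03:10Z alice push_sent
2023-01-10T08:03:30Z alice push_sent
2023-01-10T08:04:00Z alice push_sent
2023-01-10T08:04:15Z alice push_approved
2023-01-10T09:15:00Z bob push_sent
2023-01-10T09:15:08Z bob push_approved
2023-01-10T17:40:00Z bob push_sent
2023-01-10T17:40:05Z bob push_approved
2023-01-10T22:10:00Z carol push_sent
2023-01-10T22:10:30Z carol push_sent
2023-01-10T22:11:00Z carol push_sent
2023-01-10T22:11:30Z carol push_sent
2023-01-10T22:12:00Z carol push_sent
2023-01-10T22:12:30Z carol push_sent
2023-01-10T22:12:45Z carol push_denied
"""


def parse_line(line):
    """Split 'ISO-timestamp user event' into (datetime, user, event)."""
    ts, user, event = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event


def detect_push_fatigue(lines, threshold=PROMPT_THRESHOLD, window=WINDOW):
    """Return a Finding per user whose densest window of push prompts
    reaches the threshold; approvals up to one window after the storm
    count as the user giving in."""
    events = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, user, event = parse_line(line)
            events[user].append((ts, event))

    findings = []
    for user, evs in events.items():
        evs.sort()
        prompts = [ts for ts, ev in evs if ev == "push_sent"]
        approvals = [ts for ts, ev in evs if ev == "push_approved"]
        densest = None   # (count, window start, window end)
        start = 0
        for end, ts in enumerate(prompts):     # sliding window over prompts
            while ts - prompts[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (densest is None or count > densest[0]):
                densest = (count, prompts[start], ts)
        if densest is None:
            continue
        count, first, last = densest
        approved = any(first <= a <= last + window for a in approvals)
        findings.append(Finding(user, count, first, last, approved))
    return findings


if __name__ == "__main__":
    for f in detect_push_fatigue(SAMPLE_LOG.splitlines()):
        print(f"{f.user}: {f.prompts} pushes {f.first:%H:%M}-{f.last:%H:%M}, "
              f"approved after storm: {f.approved_after_storm}")
```

On the sample data alice (7 pushes, then an approval) and carol (6 pushes, no approval) are flagged and bob is not. A finding with `approved_after_storm` set should trigger session revocation and an MFA reset, not just a ticket. The detector covers the residual risk; the preventive fix is to stop accepting a bare "approve" tap, for example by requiring number matching in the authenticator app or moving to phishing-resistant methods such as FIDO2 security keys.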

This leads to the question on everyone's mind - how do we mitigate these threats? What can security professionals do to thwart ransomware gangs and their tactics? How do we prepare users?

Back to the Future

Looking back at the success of ransomware gangs in previous years and the rising average cost of a single data breach, security professionals face an uphill battle, but not an impossible one. Mitigating these threats often starts with proper training for employees. MFA attacks and phishing schemes in particular can sometimes be stopped at the user level if a company invests the time and resources to help its teams understand what to watch out for and how to report it. Training alone is not enough, though: technical controls are needed to complete a defense-in-depth strategy.

Key areas to address are patching operating systems and the applications that users access most often, and ensuring that your security tools are actually running, are protected from being disabled, and work well with each other. Beyond that, teams should require strong authentication for access to any business data that could be compromised; given the MFA fatigue tactics described above, that means number matching or phishing-resistant methods rather than a simple push approval. Employees should also be prepared for phishing attempts.

The new year is always a time for change and introspection, even for security professionals. In looking back, 2022 saw growth, expansion and consolidation for ransomware gangs, but it also saw a variety of security advancements. Teams that apply the lessons learned from last year will be far better prepared for what promises to be a busy year combating the advances of threat actors.


ABOUT THE AUTHOR


Candid Wüest is the VP of Cyber Protection Research at Acronis, the Swiss-Singaporean cyber protection company, where he researches new threat trends and comprehensive protection methods. He previously worked for more than 16 years as the tech lead for Symantec's global security response team. Wüest is a frequent conference speaker and holds a Master of Computer Science from ETH Zurich as well as various certifications and patents.

Published Friday, June 23, 2023 7:33 AM by David Marshall