Ransomware business is still growing
- Check out the FIN7 group, which is becoming increasingly sophisticated - bit.ly/Prodaft-FIN7
If you don't know Prodaft, let us talk. It is a critical threat intelligence app and service to add to your defensive arsenal.
- See more 2022 stats - bit.ly/AAG-stats
- BleepingComputer reports a drop in profits - bit.ly/BC-2022ransomware
There may be a relation between the increased number of attacks and the drop in profits.
- Technology and shared best practices are making it easier for ransomware victims to recover their data without paying the attacker, and paying for decryptors often leads to lost data or additional ransom demands anyway. Additionally, cybercriminals have realized that the "hack and leak" component of a ransomware event provides a second way to extort money from victims, and this becomes more prominent as regulations and governance requirements become more common. Furthermore, it takes more technical work to create an effective encryption/decryption tool than it does to steal data and corrupt it. As a result, it is likely that ransomware actors will steal data, threaten to sell it or publicly leak it, and corrupt the data if the victim does not pay. This puts extreme stress on the victim, which works in the cybercriminals' favor.
- This may also explain the move to triple or quadruple extortion, where encryption, data theft and multiple exposure threats against different parties are combined.
- There are no limits any more on what kind of companies can be victims; critical infrastructure, hospitals ... may even become preferred targets.
Ukraine war still goes on
- The war in Ukraine is still going on, with multiple attacks or battles on both sides of the border
- The impacts are there but smaller than initially expected, on both the Ukrainian and the Western side
- The larger spillover to other countries, as the patterns of the war change, may still come
Old problems remain
- 50% of attacks are still credential attacks
- Hopefully, we will evolve more rapidly to passwordless solutions and better authentication
- Too many times the entry point is through the weakest link.
- Cybercriminals are becoming more effective, and awareness programs seem to have their limits
- In 2023, hopefully more front-end AI will help in detecting more sophisticated schemes
- The shortage of staff means fewer staff or less-qualified staff
- This will continue to increase the risk of breach
Low-level actors will produce high-level impacts
The capabilities of entry-level cyber criminals are increasing as the threat landscape becomes more diverse. In the past, these actors were limited in their capabilities, but now an "intrusion gig economy" has emerged where they can purchase tools, access, or services to cause more significant damage. Furthermore, advanced security tools are increasingly available and are being repurposed for malicious ends, further increasing the impact of low-level actors. In 2022, there were several instances of low-level actors causing major disruptions to well-established organizations. As a result, we can expect even more impactful attacks from low-skilled actors in 2023. Organizations must be aware of this trend and take steps to protect themselves, such as staying up to date with security technologies, implementing robust security protocols, and training employees to identify and report suspicious activity. With the right measures in place, organizations can minimize the risk of successful intrusions and mitigate the impact of any breaches that occur.
The most impactful intrusion vector will be SSO abuse
Abuse of single sign-on (SSO) architectures is a growing concern for the coming year. As more organizations adopt SSO, particularly in hybrid environments, malicious actors are realizing it is a more effective route to access victims. This past year saw multiple high-profile intrusions leveraging malicious SSO use combined with multi-factor authentication (MFA) abuse. The challenge with malicious SSO use is that it can be difficult to detect and respond to without effective safeguards in place. Therefore, this post predicts that the most impactful intrusions of 2023 will be those that combine malicious SSO use with MFA abuse. Organizations must take steps to protect themselves by implementing robust security protocols, training employees to identify and report suspicious activity, and staying up to date with the latest security technologies.
AI - gets credible
- AI, much talked about, is becoming credible and mainstream
- AI - see the very public ChatGPT - is becoming popular and a credible new force
- ChatGPT makes the possible visible and credible
- Variants or alternatives will be seen in offensive and defensive tools
Phishing - always better
- Phishing and its variants move to the next level - the synthetics are upgrading
- A rise of deep fakes through e-mail, video, and messaging platforms, with a particular spike in deep fake phishing and wiperware.
Cyber insurance at crossroads
- Fees are not just increasing; insurance companies are also not stating what they expect to be done to decrease premiums
- There is a long and complicated history since the beginning of the cybersecurity insurance business.
- It has not always been in sync with reality on either side, hence no strict correlation between risk/controls and premiums for the longest time.
- The insurance community could be a driving force to improve security and control its expenses.
- Ransomware is real and more widespread; it will increase premiums.
In healthy or tough economic times, it’s always a good idea to decrease investment in standalone solutions and legacy on-premises security controls
- Forrester recommended decreasing or avoiding investment in existing budget categories, such as standalone data loss prevention, standalone user behavioral analytics, managed security services providers and other legacy and potentially duplicative areas.
- "Over time, MSSPs devolved into alert factories sending templated emails about alerts to clients that failed to provide context or accelerate decision-making. As MSSPs wane, swap those investments to managed detection and response (MDR) or security operations center-as-a-service (SOCaaS) providers," Forrester advised.
- Nearly half (49%) of cybersecurity professionals cited digital business transformation issues as the top factor driving an increase in cybersecurity costs.
- It is simply not going to be feasible for organizations to staff a security operations center (SOC) on a 24/7 basis, so managed services have become a critical element of any cybersecurity strategy, he noted.
- However, well over a third (39%) said it is already too expensive. Some innovation may be required.
So many problems, so many solutions, so many vendors.
- This situation has been around for a while.
- Team sizes are limited and cannot operate too many tools.
- Getting ROI on products or vendors is increasingly difficult.
- There is a SERIOUS need for serious industry consolidation
The future of passwords
- As mentioned, credential theft is still behind many hacks
- Biometrics have improved the situation.
- Passkeys are on the rise and may represent the future of passwords
If you need help assessing your security status, solving particular pressing issues, optimizing delivery, or building a strategy for yourself or your senior management, contact Cubic Consulting.
Book a meeting - https://calendly.com/cubic-consulting