The commercialization of cybercrime drove an uptick in nearly all types of cyberattacks in 2022. The result? A booming malware economy where no organization is immune to cyberthreats.
The Sophos 2023 Threat Report details the current cyberthreat landscape, including which ransomware groups to watch for, and the tools, tactics and procedures (TTPs) used by today’s adversaries to execute attacks. As a managed service provider (MSP), it’s important to understand the cybercrime trends of 2022 so you can equip customers with the right cyber defenses in the year to come.
What to Expect in the 2023 Cyberthreat Landscape
1. The commercialization of cybercrime isn’t slowing down.
Although ransomware-as-a-service (RaaS) isn’t a new phenomenon, the widespread adoption of the “as-a-service” model has made nearly every component of cybercrime available for purchase. Many bad actors specialize in one element of an attack (like initial ransomware infection or data extraction) and market and sell their tools and services on forums on the dark web.
Cybercriminals also use these forums to identify and recruit talent, growing their “organizations” and adding new capabilities. As you help customers plan for 2023, remember that the proliferation of sub-cybercrime markets makes the most sophisticated tools and tactics available to every cybercriminal.
2. Demand skyrockets for infostealers and stolen credentials.
Infostealers and infostealing malware like keyloggers and remote access trojans (RATs) have always played a key role in the cyberthreat landscape. But the rise in demand for stolen credentials placed an even brighter spotlight on infostealing. Even though attackers historically relied on virtual private networks (VPNs) and remote desktop protocols (RDPs) to gain network access, stolen credentials provide more entry points and can be used to move laterally. For example, a bad actor can leverage stolen credentials to impersonate employees of an organization and bypass authentication measures.
The credential theft marketplace is also an effective way for attackers to get a foot in the door to the world of cybercrime — it’s a small investment without many obstacles standing in the way of gaining access. It’s a safe bet that demand will remain high for all types of stolen credentials in 2023, which means full visibility across customers’ infrastructures is critical to defend against attacks.
3. Adversaries continue to leverage “living off the land binaries.”
In the past, threat actors used living off the land binaries (LOLBins) to camouflage malicious activity post-exploitation. But more recently, fraudsters found new ways to leverage these binaries to help execute system commands, bypass preset security features and move laterally across networks — all using native Windows components.
The most common LOLBin we saw in 2022 was the Windows command shell (cmd.exe) that most backdoors and shells use to launch malware. Attackers in many cases also used Windows scripting platforms like mshta.exe and wscipt.exe to download and execute malicious content, execute Windows API calls and collect data. Threat actors constantly find new ways to exploit LOLbins and evade security measures, so it’s important to monitor for this activity in 2023 and leverage machine learning (ML) solutions that reduce the complexity of the problem.
4. Attacks reach beyond Windows.
In the past, cyberattacks most often targeted Windows operating systems. But we’ve seen a growing number of attacks on Linux-based systems, macOS platforms and even mobile applications. Financial fraud rings have unfolded alongside the rise in mobile attacks, some expanding globally. These organized crime campaigns involve specialized criminals like fake social profile builders, and fraudulent web and application developers who execute social engineering tactics.
In these scenarios, fraudsters will develop fake social profiles to convince users to invest in illegitimate cryptocurrency and financial markets. And while malware attacks on Android aren’t a new trend, iOS users are now also susceptible to these attacks because fraudsters learned how to bypass Apple’s security measures. Strong user authentication, phishing training and regular penetration testing can help maintain mobile application security.
As we near the end of the year, cybercriminals are showing no signs of slowing down — just look at the 167% rise in data breaches from Q2 to Q3. But with the insights above, you can help customers achieve a tight end-to-end security posture that protects their most sensitive data. In addition to encouraging good cybersecurity hygiene and deploying layered protection, it’s important to know when to outsource functions like threat detection and response.
Stay Informed to Better Protect Customers
Although there’s no silver bullet to mitigating cyberthreats, you can be a good partner to your customers by staying informed about the ever-evolving cyberthreat landscape and complementing your services with third-party tools, solutions and services.
To learn more, download the Sophos 2023 Threat Report for a closer look at the trends and events that continue to shape the cyberthreat landscape.
Scott Barlow is VP, Global MSP & Cloud Alliances, at Sophos. Read more Sophos guest blogs here. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.
