Nation-state threat actors in Russia, China, Iran and North Korea consistently used cyberattacks as part of their efforts to achieve various strategic goals in 2022, according to the Annual Threat Report 2022 from IronNet.
IronNet Report Examined
Key takeaways from the report include:
- The Ukraine-Russia war instigated "one of the largest displays of collective cybersecurity in history," IronNet indicated. This was due to the fact that many governments and technology companies helped Ukraine manage its cyber defenses.
- Many ransomware groups shifted their focus from large organizations to small and-medium sized businesses (SMBs) that "typically generate less attention, have less cyber resources and are more vulnerable to exploitation," IronNet noted.
- Black Basta, Black Cat (ALPHV), BianLian and other new ransomware groups started to "flood the market" after the Conti ransomware group went underground in late 2022, IronNet pointed out.
- Karakurt, Lapsus$ and RansomHouse were among the ransomware groups to bypass the double-extortion technique during their attacks, and instead, solely focus on stealing data and holding it for ransom.
The report also highlighted several trends in adversary infrastructure (tools, services and processes used to launch cyberattacks). These trends included:
- Cobalt Strike was the top command-and-control (C2) framework abused by threat actors in 2023. Meanwhile, there was an increase in Sliver C2 servers found in the second half of 2022. This indicates that Sliver could match or overtake Cobalt Strike as the most popular C2 framework in 2023.
- Threat actors continue to look for ways to bypass traditional C2 detection mechanisms. As such, they look poised to explore ways to discard, reuse and recycle domains and explore other ways to make their infrastructure.
- Threat actors commonly used domain registrars that prioritize privacy, accept cryptocurrencies and have a lax review process of abuse reports.
How to Defend Against Threat Actors in 2023
IronNet offered several recommendations to help organizations guard against threat actors, including:
- Be vigilant and active in patching and updating systems.
- Map and account for external-facing assets (applications, servers, IP addresses, etc.) that are vulnerable to cyberattacks.
- Watch for phishing emails, particularly ones with geopolitically themed lures
- Teach employees about social engineering tactics.
- Do not download files or attachments from unknown third-party senders.
IronNet threat hunters and analysts will continue to assess threat actors and look for threat trends in 2023, the company stated. In addition, organizations can use IronNet's IronRadar solution to get insights into C2 infrastructure and block threats before they can lead to cyberattacks and data breaches.