Security operations teams were forced to deal with a rapidly expanding attack surface and increasingly complex threats in 2022, according to the 2023 Annual Threat Intelligence Report from managed detection and response (MDR) company Deepwatch.
The Cybersecurity and Infrastructure Security Agency (CISA) reported 26,448 software security flaws in 2022, which represents a new record.
Key takeaways from Deepwatch's report included:
- There were 4,135 critical vulnerabilities (CVEs) reported in 2022, up 59% year over year.
- Emotet ranked as the top malware in 2022, followed by Qakbot (Qbot) and AgentTesla.
- Malware/endpoint was the top category for threat detections in 2022, followed by authentication and intrusion detection.
- System exploitation ranked first among the top threat response engagement types, followed by business email compromise/email account compromise (BEC/EAC) and account compromise.
In addition, Deepwatch's Adversary Tactics and Intelligence (ATI) team shared the following observations in the report:
- Cybercriminals used publicly available exploit code to access organizations via internet-facing systems.
- Cybercriminals are still using ransomware to target organizations across a wide range of industries.
- Account compromise is a prominent attack vector.
- Multiple SEO poisoning attacks were identified that led to malware (Gootloader) being downloaded.
- USB usage led to malware infection (Raspberry Robin) in several environments.
- High-risk ports and services located in cloud environments continue to be targets for exploitation.
What to Expect Across the Cyber Threat Landscape in 2023
In its report, Deepwatch made the following predictions for the cyber threat landscape in 2023:
- Cybercriminals are likely to continue reading cybersecurity research and analysis on the tools and the tactics, techniques and procedures (TTPs) used in both their own activity and that of other threat actors.
- There is likely to be an increase in new information-stealing malware and credential harvesting websites.
- Cybercriminals will continue to target source code repositories on GitHub.
- Cybercriminals will continue to use container file types for social engineering attacks.
- Exploitation of vulnerabilities is likely to continue to be the top initial access method.
- Cybercriminals will continue to target internet-facing login portals and systems for initial access to organizations' systems.
Jerrod Barton, senior director of ATI at Deepwatch, commented on how organizations can protect against cyber threats in 2023:
"As we move forward in 2023, data extortion and attacks of opportunity will continue to evolve, employing different extortion tactics and techniques to force victims to pay the ransom. With threats evolving quickly, security organizations must operationalize threat intelligence by gathering data from every possible source, then effectively processing, correlating and incorporating that information into day-to-day security operations to reduce risk."
MSSPs can also help organizations guard against cyber threats. They can provide MDR and other security services and offer tips and guidance to ensure that organizations are prepared to combat current and emerging threats.