A new report from Kaspersky details what their digital forensics and incident response teams predict as the top threats of 2023 for businesses and government agencies.
A new report from Kaspersky details what will be the toughest threats to businesses and government agencies in 2023.
Data leaks are on the rise
Data leaks affecting both personal and business data increased in 2022 and will continue in 2023. Huge data leaks affecting millions of users occurred in 2022, such as the WhatsApp leak and the latest from Twitter, which exposed the information of more than 200 million users.
These data leaks are often sold privately on cybercriminals’ underground marketplaces, with the price depending on several parameters such as the number of users, the types of users targeted, and whether the passwords are encrypted or plain text.
For example, a database containing 105 million Indonesian citizen records was sold in September 2022 for $5,000 on the dark web. The database apparently came from the General Election Commission of Indonesia and contained full names, places and dates of birth, and national identification numbers.
Business emails impacted
Business email addresses should never be used on a non-business service, but people tend to use them to sign up for third-party web services. This greatly increases the attack surface for the business because an attacker can collect this information. If the employee uses the same password on the service as on their corporate email account, attackers can gain a foothold inside the entity’s infrastructure. In addition, single sign-on risks compromising access between multiple entities.
“With many applications using SSO for authentication, it is crucial to monitor the rights granted to applications and websites to prevent malicious sites from gaining full rights to email accounts,” said Marc Nebout, cyber threat analyst at Sekoia.io, to TechRepublic. “It’s also important to educate users on best practices such as having a different password for all of their accounts.”
Nebout went on to note that companies shouldn’t just educate their employees.
“Companies should also enforce 2FA on all apps where the option is available,” he said. “Cloud application monitoring should be performed, and if suspicious behavior is detected, such as logging in from another country or at an unusual time, passwords should be reset.”
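The kind of check that quote points to, a login from another country or at an unusual time, sketched as an added example (not code from Kaspersky, Sekoia.io or the article). The event format, the sample records and the two-hour tolerance are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample sign-in events: (user, ISO-8601 UTC timestamp, country code).
HISTORY = [
    ("alice@example.com", "2023-01-09T08:55:00", "FR"),
    ("alice@example.com", "2023-01-10T09:10:00", "FR"),
    ("bob@example.com", "2023-01-09T13:05:00", "US"),
    ("bob@example.com", "2023-01-10T21:30:00", "US"),
]
NEW_EVENTS = [
    ("alice@example.com", "2023-01-12T09:02:00", "FR"),  # matches baseline
    ("alice@example.com", "2023-01-12T03:14:00", "FR"),  # unusual hour
    ("bob@example.com", "2023-01-12T14:00:00", "BR"),    # new country
    ("carol@example.com", "2023-01-12T10:00:00", "DE"),  # no history at all
]
HOUR_TOLERANCE = 2  # assumed: within +/-2h of a previously seen hour counts as usual

def build_baseline(events):
    """Per-user set of countries and login hours seen in the history window."""
    baseline = defaultdict(lambda: {"countries": set(), "hours": set()})
    for user, ts, country in events:
        baseline[user]["countries"].add(country)
        baseline[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return baseline

def hour_is_usual(hour, seen_hours, tolerance=HOUR_TOLERANCE):
    # Circular distance, so 23:00 and 01:00 are two hours apart, not 22.
    return any(min(abs(hour - h), 24 - abs(hour - h)) <= tolerance for h in seen_hours)

def review_logins(history, new_events):
    """Return (user, timestamp, reasons) for each login that deviates from baseline."""
    baseline = build_baseline(history)
    alerts = []
    for user, ts, country in new_events:
        if user not in baseline:  # never seen before: flag rather than silently trust
            alerts.append((user, ts, ["no_baseline"]))
            continue
        reasons = []
        if country not in baseline[user]["countries"]:
            reasons.append("new_country")
        if not hour_is_usual(datetime.fromisoformat(ts).hour, baseline[user]["hours"]):
            reasons.append("unusual_hour")
        if reasons:
            alerts.append((user, ts, reasons))
    return alerts

if __name__ == "__main__":
    print(review_logins(HISTORY, NEW_EVENTS))
```

Each alert is a candidate for the response the quote names, a password reset; accounts with no baseline are flagged separately so that a first login is reviewed instead of being treated as normal.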
Using corporate email addresses on multiple third-party services also increases the risk of phishing and the success of social engineering schemes.
The threat of ransomware
Kaspersky has observed that threat actors insist that their stolen data be released by companies. In each of the first ten months of 2021, they saw between 200 and 300 posts per month (Figure A) from ransomware actors showing their successful compromises. By the end of 2021 and the first half of 2022, that number had grown to over 500 per month.
However, in previous PR attempts, the LockBit Group published supposedly successful corporate compromises, which later turned out to be fake.
“There are cases of ransomware actors making misleading attack claims,” explained Livia Tibirna and Pierre Antoine Duchange, threat analysts at Sekoia.io. “We observe this regularly, although it is not necessarily common to all ransomware groups.”
There are several reasons for these misleading claims:
- Inappropriate analysis of the stolen data by threat actors, whether intentional or not.
- Attempting to monetize an intrusion, even if there was no encryption.
- Attempting to damage the reputation of an organization.
- Attempting to fabricate a higher level of intrusion activity by the ransomware organization.
- Attempting to draw attention to their ransomware organization.
More cloud, more attacks
Cloud and virtualization technologies will increasingly be targeted by attackers. While companies often move some of their data and operations to the cloud, they also often use partner services that may not be well configured or may contain vulnerabilities.
Enterprises may not be aware of cloud infrastructure intrusions because some cloud providers do not log important system events. According to Kaspersky researchers, this makes such infrastructure attractive to attackers and makes it harder to properly investigate and respond to incidents.
The malware-as-a-service model continues to grow
Malware-as-a-service models have grown in popularity over the past few years among cybercriminals and will continue to grow.
“Cybercriminals try to optimize their work efforts by increasing their operations and outsourcing certain activities, just as a legitimate business would do,” Kaspersky said.
This model also lowers the barrier of entry for budding cybercriminals, as they can simply hire efficient services to operate without needing too much cybersecurity knowledge themselves.
Increased use of this model can lead to fewer unique attacks, because different attackers use the same tools. These tools can subsequently become more complex so that automated security systems cannot analyze them correctly.
Disclosure: I work for Trend Micro, but the opinions expressed in this article are my own.