Did your organization learn lessons from the top cybersecurity threats of 2022? Does your cybersecurity strategy address the growing threats predicted by the Deepwatch Adversary and Threat Intelligence (ATI) team? The answers may help you build confidence with stakeholders.
In their annual Threat Report, ATI provides data on the leading cybersecurity threats that security analysts faced in 2022, and offers predictions of what teams will likely face in 2023. Combining ATI research and data from Deepwatch customer engagements, we review the types and volumes of threats; look at the challenges posed by code repositories and open ports; and consider what lingering or growing threats SOC teams should prioritize.
2022 saw a record number of software flaws, a growing ecosystem of ransomware services, and a war that unleashed both amateur and nation-state actors. The ATI Threat Report reveals that Security Operations Centers (SOC) teams should expect these threats to only increase in 2023, with business email compromise, infostealer malware, and infection of source code repositories leading attacks.
Some of the highlights from 2022 include:
The Top Five MITRE ATT&CK Techniques
- Exploitation
- Initial Access
- Persistence
- Credential Access
- Exfiltration
The MITRE ATT&CK framework is a knowledge base of cyber adversary behavior, outlining 14 cyberattack techniques used against enterprise IT networks and cloud environments.
The top threat to Deepwatch customers in 2022 was the exploitation of critical vulnerabilities for internet-facing systems such as networks, hybrid cloud environments, and third-party applications.
Top Five Threat Detections
- Malware/endpoint
- Authentication
- Intrusion Detection
- Email/Phishing
- Network
Threat detection involves the monitoring and analysis of activity across the entire security ecosystem to find malicious activity. Identifying malicious activity on endpoints continues to lead detection efforts, however a rising number of detections focus on identity authentication. A focus on identity authentication can reduce reliance on endpoint, firewalls, and database monitoring.
Top Five Threat Response Engagements
- System Exploitation
- Business Email/ Email Account Compromise
- Account Compromise
- Ransomware
- Supply Chain Attacks
Threat response engagements require investigation by ATI experts skilled in threat hunting and incident management. Their goal is to deliver outcomes that businesses can act upon. System exploitation engagements lead efforts, followed by business email compromise (BEC) or email account compromise (EAC). The FBI IC3 Report 2022 revealed victims of BEC/EAC lost $2.7 billion in 2022.
Get Ready for a Tumultuous 2023
With a look at last year’s trends, ATI predicts a significant increase in infostealer malware, continued infection of source code repositories, and a broader targeting of container types.
Prepare for Infostealers, Source Code Exploitation, and Container Attacks
Cybercriminals are highly likely to continue developing information stealing malware in 2023 to steal sensitive information, like browser password stores and cookies to gain initial access or sell on cybercriminal markets.
- Exploitation of vulnerabilities is highly likely to continue as the top initial access method, followed by phishing and the abuse of credentials.
- Cybercriminals will likely continue targeting source code repositories on GitHub.
- It’s almost certain that cybercriminals will continue to use container file types, like .one, zip, .iso, and .vhd or .vhdx for social engineering.
“Our annual threat report doesn’t come with mascots or trading cards,” one analyst quipped, “but rather gives us an opportunity to share the key threats in our environment, the number of unique Deepwatch global detections, and the top engagements conducted by ATI threat hunters. This deep insight allows us to form a forecast for 2023 that organizations can use to strengthen their cybersecurity strategy.”
“Informed by these observations and current threat hunting activity,” he added, “we forecast for 2023 a challenging year in which ransomware, code repository vulnerabilities, and misconfigured or exposed storage will increase business risk.”
Read the full Deepwatch ATI 2023 Threat Report for details including attacks by industry and insightful predictions. Sign up for our ATI Threat Report Webinar where we discuss findings with Jerrod Barton, Senior Director, Deepwatch ATI.
↑
Share