As we near the end of 2023, it is crucial to reflect on the evolving cyberattack landscape that has defined this year. Understanding the prevalent attack types becomes paramount as we prepare ourselves to face the challenges that lie ahead.
In this blog, we delve into the cyberattack trends that have shaped 2023, shedding light on the common types of attacks that have targeted organizations across various industries. By examining these attack vectors, we can gain valuable insights into the tactics employed by cybercriminals and the vulnerabilities they exploit. Looking forward, we discuss what organizations can do to enhance their cybersecurity posture and defend against future threats.
As we peer into the future, we explore the emerging trends and challenges that we’ll face in 2024 and beyond. The rapid advancement of technology introduces new risks, such as the exploitation of artificial intelligence in cyberattacks. By anticipating these developments, organizations can stay ahead of the curve and implement proactive strategies to mitigate future threats.
Common Types of Cyberattacks in 2023
As cybercriminals continue to refine their tactics, several types of cyberattacks have become prevalent in 2023. By understanding these common types of cyberattacks, organizations can proactively implement security measures to mitigate the risks associated with these threats.
The common types of cyberattacks that have plagued the digital landscape this year include:
(1) Phishing Attacks
Phishing attacks remain a persistent and effective method employed by cybercriminals to trick individuals into divulging sensitive information. Phishing has increased by 1,265% from Q4 2022 to Q3 2023, which equates to an average of 31k phishing attacks per day1.
Phishing attacks have expanded beyond conventional email-based methods to encompass a broader array of deceptive approaches. Cybercriminals now leverage diverse platforms such as social media, voice communication, and search engines to exploit unsuspecting individuals. These attacks have become more targeted, personalized, and sophisticated, underscoring the importance for individuals and organizations to remain vigilant and implement comprehensive safeguards.
To learn how to defend against modern phishing attacks, check out our blog: The Evolution of Phishing Attacks: Recognizing Modern Tactics
Example phishing attack in 2023
- Activision, the gaming giant, experienced a data breach in December 2022 when hackers successfully targeted an employee through a phishing attack. The breach was only brought to light in February 2023 when screenshots of the stolen data, along with the hackers' messages on Activision's internal Slack channel, were shared on Twitter by the cybersecurity and malware research group vx-underground. The stolen data included employee information such as names, phone numbers, email addresses, and office locations. The breach raises concerns about the company's handling of the incident and its responsibility to inform affected individuals promptly2.
(2) Ransomware Attacks
Ransomware attacks have reached new levels of sophistication and devastation in 2023, with the number of victims in the first half of 2023 exceeding all victims in 20223.
Cybercriminals have honed their techniques. For example, they now employ advanced encryption algorithms and evasion techniques to bypass security measures and leverage tactics such as double extortion to maximize their impact.
Ransomware is a very powerful tool as it relies on one the most influential principals of social engineering – intimidation. Pressuring someone with consequences can be a strong tactic. It can be very difficult for someone to resist paying a ransom when a lot is on the line.
– Chris deRito, Security Engineer at BIO-key
Ransomware has also become more accessible to less technically skilled criminals through the emergence of Ransomware-as-a-Service (RaaS). This model allows individuals to rent or purchase ransomware tools and infrastructure, enabling a wider range of attackers to engage in ransomware campaigns.
Example ransomware attack in 2023
- In September 2023, SONY, a multinational technology company experienced a breach conducted by a ransomware group known as Ransomware.vc which appears to be both a ransomware operator and a ransomware-as-a-service organization. The group claims that instead of demanding a ransom, they will sell the compromised data since Sony has refused to pay. While they have provided some evidence of the hack, including screenshots and file listings, the actual number of files extracted appears to be relatively small compared to the claim of breaching "all of Sony systems." Sony has yet to publicly acknowledge the attack4.
(3) Supply Chain Attacks
Supply chain attacks are expected to continue to evolve as cybercriminals exploit weak links within the interconnected digital supply chain. By compromising trusted vendors or injecting malicious code into software updates, cybercriminals can gain unauthorized access to target organizations. These attacks have the potential to cause widespread damage and compromise the integrity of products and services.
To mitigate this risk, organizations should prioritize thorough due diligence when selecting vendors, implement secure coding practices, and establish robust mechanisms to monitor and validate the integrity of the software supply chain. By strengthening supply chain security, organizations can better protect themselves and their customers from the increasing threat of supply chain attacks.
Example supply chain attack in 2023
- The cybersecurity industry has been investigating the breach of 3CX in March 2023, a VoIP provider, which was targeted by North Korea-linked hackers. Researchers have discovered that the initial breach of 3CX was facilitated by a software supply chain attack on Trading Technologies, another company. This incident is notable because it marks the first confirmed instance of one supply chain attack enabling another supply chain attack. The hackers managed to insert backdoor code into an application of Trading Technologies, which, when later installed on a 3CX employee's computer, allowed the hackers to spread their access through 3CX's network and infect its customers. The incident highlights the risk of supply chain attacks and the need for heightened security measures in software development and distribution.
(3) Zero-day Exploits
Zero-day exploits refer to vulnerabilities in software or systems that are unknown to the vendor and, therefore, lack available patches or defenses. In 2023, cybercriminals have actively sought out and exploited zero-day vulnerabilities to gain unauthorized access to targeted systems or launch targeted attacks. These exploits are often sold on underground markets or used by advanced persistent threat actors to carry out sophisticated attacks with minimal detection.
Example zero-day attack in 2023
- In June 2023, the MOVEit attack targeted users of the MOVEit Transfer tool, a secure file transfer solution owned by Progress Software. The attackers, believed to be the ransomware group Cl0p, compromised over 620 organizations, including major entities like the BBC, British Airways, Boots, and Aer Lingus. Leaked data included personally identifiable information (PII) such as staff addresses and IDs. A patch has been released, and CISA issued an urgent warning to download it. The attackers exploited exposed web interfaces, infecting the MOVEit application with a web shell called LEMURLOOT to steal data. This incident emphasizes the importance of detecting and securing exposed web interfaces to mitigate security risks6.
What Organizations Can Do About It
In the face of the ever-evolving cyber threat landscape, organizations must take proactive measures to fortify their cybersecurity. By implementing effective security practices and fostering a culture of cyber awareness and resilience, organizations can mitigate the risks posed by cyberattacks. Here are some key actions to enhance cybersecurity posture:
(1) Strengthening Cybersecurity Measures
- Implement Multi-layered Security Defenses
Organizations should adopt a holistic approach to cybersecurity by implementing multiple layers of defense. This includes robust firewalls, intrusion detection and prevention systems, secure network configurations, and endpoint protection solutions. By employing a combination of preventive, detective, and corrective security measures, organizations can enhance their ability to mitigate potential threats.
- Regularly Update and Patch Systems
It is crucial to keep software, operating systems, and applications up to date with the latest security patches. Regularly applying patches helps address known vulnerabilities and reduces the risk of exploitation by cybercriminals.
- Implement Strong Authentication Mechanisms
Adopting strong authentication methods, such as multi-factor authentication (MFA), can significantly enhance the security of user accounts and systems. MFA adds an extra layer of protection by requiring users to provide additional credentials beyond usernames and passwords. Common types of MFA methods include one-time passwords, smart cards, hardware tokens, security keys, and biometrics.
Phishing resistant MFA should also be a consideration for most organizations. Having MFA is a big step to take, but often isn’t enough, as it leaves a glaring issue. By implementing MFA that does not utilize a human shareable attribute, you are removing the possibility for the wrong person to perform that MFA method.
– Chris deRito, Security Engineer at BIO-key
If you want to learn more about biometric authentication, read our blog on The Future of Authentication: Identity-Bound Biometrics and Its Potential to discover how BIO-key's innovative approach o Identity-Bound Biometrics differs from traditional MFA methods.
(2) Employee Training and Awareness
- Conduct Regular Security Awareness Training
Organizations should provide comprehensive training programs to educate employees about common cyber threats, such as phishing, social engineering, and ransomware. Training should focus on recognizing and reporting suspicious activities, practicing good password hygiene, and understanding the importance of data protection.
- Foster a Culture of Cybersecurity
Organizations must promote a culture of cybersecurity awareness and accountability at all levels. This includes encouraging employees to report potential security incidents promptly, emphasizing the importance of data privacy, and instilling a sense of responsibility for protecting sensitive information.
(3) Incident Response and Recovery
- Develop an Incident Response Plan
A well-defined incident response plan that outlines the steps to be taken in the event of a cyber incident is imperative. This plan should include clear roles and responsibilities, communication protocols, and a step-by-step guide for containing, investigating, and recovering from an attack.
- Regularly Test and Update the Incident Response Plan
It is essential to periodically test and update the incident response plan to ensure its effectiveness. Conducting simulated exercises and tabletop drills can help identify gaps and improve the organization's response capabilities.
(4) Backup and Disaster Recovery Planning
- Regularly Back Up Data
Organizations should implement regular and comprehensive data backup processes to ensure that critical information is protected and can be restored in the event of a ransomware attack or data breach. Backups should be stored securely and tested regularly to verify their integrity and reliability.
- Develop a Disaster Recovery Plan
A disaster recovery plan should be comprehensive, focusing on bringing your organization back to its pre-breach state and recovering your network from any damage caused by the cyberattack. It’s important to note that an incident response plan is part of a disaster recovery plan, and they should work in tandem — rather than having two different data protection plans. When developing an incident response and disaster recovery plan for your organization, consider each security threat mentioned above and design a plan that combats each of these threats. A well-defined disaster recovery plan is vital to minimize downtime and recover swiftly from a cyber incident. This plan should outline the procedures and resources required to restore systems, applications, and data, ensuring business continuity.
By implementing these measures, organizations can significantly enhance their resilience against cyber threats and minimize the potential impact of attacks. However, it is important to note that cybersecurity is an ongoing effort that requires continuous monitoring, adaptation, and collaboration between IT teams, employees, and stakeholders.
Predicting Cyberattack Trends for 2024 and Beyond
As technology continues to advance, the cyber threat landscape is expected to evolve and present new challenges for organizations in the coming years. By analyzing emerging cyberattack trends and staying ahead of potential threats, organizations can better prepare themselves to defend against cyberattacks. Here are some predicted cyberattack trends for 2024 and beyond:
- Increased Targeting of Cloud Infrastructure
With the widespread adoption of cloud computing, cybercriminals are likely to focus their efforts on exploiting vulnerabilities within cloud environments. Attacks targeting misconfigurations, weak access controls, and insecure APIs (Application Programming Interfaces) can lead to unauthorized access, data breaches, and service disruptions. Organizations must prioritize cloud security, implement robust authentication measures, and regularly audit their cloud infrastructure to mitigate these risks.
- Rise in AI-Powered Attacks
As AI technology becomes more sophisticated, cybercriminals are expected to leverage it to conduct attacks with greater precision and efficiency. AI-powered malware, automated phishing campaigns, and advanced evasion techniques can bypass traditional security measures and pose significant challenges for defenders. Organizations must invest in AI-based security solutions to detect and respond to AI-driven attacks effectively.
Phishing and Social Engineering based attacks are going to get much more sophisticated with the use of AI. It is already challenging to notice if something is AI generated, and it is only going to get more and more realistic in the next few years. User education and training is going to play a big part in preventing these attacks.
– Chris deRito, Security Engineer at BIO-key
- Exploitation of Internet of Things (IoT) Devices
The proliferation of IoT devices in homes, businesses, and critical infrastructure presents an expanded attack surface for cybercriminals. Vulnerabilities in IoT devices can be exploited to gain unauthorized access, launch Distributed Denial of Service (DDoS) attacks, or compromise sensitive data. Organizations and manufacturers should prioritize securing IoT devices through regular patching, strong authentication, and network segmentation to prevent widespread vulnerabilities.
- Targeted Attacks on Operational Technology (OT)
Critical infrastructure sectors, such as energy, transportation, and manufacturing, rely heavily on operational technology (OT) systems. These systems, including industrial control systems (ICS) and SCADA (Supervisory Control and Data Acquisition) systems, are increasingly interconnected and vulnerable to cyber threats. Cyberattacks targeting OT can disrupt essential services, cause physical damage, or even jeopardize public safety. Organizations must implement robust security measures, conduct regular assessments, and enhance the cyber resiliency of their OT infrastructure.
- Growth of Supply Chain Attacks:
Supply chain attacks are likely to continue evolving as cybercriminals exploit weak links in the interconnected digital supply chain. By compromising trusted vendors or injecting malicious code into software updates, cybercriminals can gain unauthorized access to target organizations. To mitigate this risk, organizations should conduct thorough due diligence when selecting vendors, implement secure coding practices, and regularly monitor and validate the integrity of the software supply chain.
To stay resilient in the face of these evolving cyber threats, organizations should prioritize a proactive cybersecurity posture, foster a culture of security awareness, collaborate with industry peers and cybersecurity experts, and invest in cutting-edge technologies and solutions.
The cyberattacks experienced in 2023 and the predicted trends for 2024 and beyond serve as stark reminders of the ever-present risks organizations face. Cybersecurity must be prioritized as a strategic imperative and sufficient resources need to be allocated to build robust defenses. By taking proactive steps to enhance our cybersecurity posture, we can safeguard valuable assets, protect customer data, and mitigate the financial, reputational, and operational impacts of cyberattacks.
If you’re planning your cyber strategy for 2024, we encourage you to contact our team to review your specific needs and requirements.
Not ready for a call? Start by learning more about BIO-key's Identity and Access Management solution, PortalGuard®, or our one-of-a-kind biometric authentication technology, Identity-Bound Biometrics.