4 Trends shaping the 2023 cyber threat landscape, according to Sophos

New research from Sophos details the 2022 cybercrime trends shaping the 2023 cyberthreat landscape, from infostealers to ransomware attacks.

The commercialization of cybercrime drove an uptick in nearly all types of cyberattacks in 2022. The result? A booming malware economy where no organization is immune to cyberthreats.

The Sophos 2023 Threat Report details the current cyberthreat landscape, including which ransomware groups to watch for and the tools, tactics, and procedures (TTPs) used by today’s adversaries to execute attacks.

Scott Barlow, Sophos Global Vice-President of Managed Service Providers (MSP) and Cloud Alliances, shares what to expect in the 2023 cyberthreat landscape:

1. The commercialization of cybercrime isn’t slowing down.

Although ransomware-as-a-service (RaaS) isn’t a new phenomenon, the widespread adoption of the “as-a-service” model has made nearly every component of cybercrime available for purchase. Many bad actors specialize in one element of an attack (like initial ransomware infection or data extraction) and market and sell their tools and services on forums on the dark web.

Cybercriminals also use these forums to identify and recruit talent, growing their “organizations” and adding new capabilities. The proliferation of sub-cybercrime markets makes the most sophisticated tools and tactics available to every cybercriminal.

2. Demand skyrockets for infostealers and stolen credentials.

Infostealers and infostealing malware like keyloggers and remote access trojans (RATs) have always played a key role in the cyberthreat landscape. But the rise in demand for stolen credentials placed an even brighter spotlight on infostealing. Even though attackers historically relied on virtual private networks (VPNs) and Remote Desktop Protocol (RDP) to gain network access, stolen credentials provide more entry points and can be used to move laterally. For example, a bad actor can leverage stolen credentials to impersonate employees of an organization and bypass authentication measures.

The credential theft marketplace is also an effective way for attackers to get a foot in the door to the world of cybercrime — it’s a small investment without many obstacles standing in the way of gaining access. It’s a safe bet that demand will remain high for all types of stolen credentials in 2023, which means complete visibility across customers’ infrastructures is critical to defending against attacks.

3. Adversaries continue to leverage “living off the land binaries.”

In the past, threat actors used living-off-the-land binaries (LOLBins) to camouflage malicious activity post-exploitation. But more recently, fraudsters found new ways to leverage these binaries to help execute system commands, bypass preset security features, and move laterally across networks using native Windows components.

The most common LOLBin we saw in 2022 was the Windows command shell (cmd.exe) that most backdoors and shells use to launch malware. Attackers often used Windows scripting platforms like mshta.exe and wscript.exe to download and execute malicious content, run Windows API calls, and collect data. Threat actors constantly find new ways to exploit LOLBins and evade security measures, so it’s essential to monitor this activity in 2023 and leverage machine learning (ML) solutions that reduce the complexity of the problem.
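
As an added illustration of monitoring the three binaries named above (this is not code from Sophos or from the report), the sketch below triages process-creation events with a few parent/child and command-line heuristics. The event field names, the list of unusual parent applications, the path patterns and the sample events are all assumptions made for the example.

```python
import re
from pathlib import PureWindowsPath

SCRIPT_HOSTS = {"mshta.exe", "wscript.exe"}   # script hosts named in the article
SHELLS = {"cmd.exe"}                          # command shell named in the article
# Assumption: applications that rarely need to start a shell or script host.
UNUSUAL_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
REMOTE_URL = re.compile(r"(?i)\bhttps?://")
USER_WRITABLE = re.compile(r"(?i)\\(?:appdata|temp|downloads)\\")

def exe_name(path):
    """Lower-cased file name of a Windows path, regardless of host OS."""
    return PureWindowsPath(path).name.lower()

def review_reasons(event):
    """Return the reasons a process-creation event deserves analyst review."""
    image, parent = exe_name(event["image"]), exe_name(event["parent_image"])
    cmdline, reasons = event["command_line"], []
    if image not in SCRIPT_HOSTS | SHELLS:
        return reasons
    if parent in UNUSUAL_PARENTS:
        reasons.append(f"{image} started by {parent}")
    if image in SCRIPT_HOSTS and REMOTE_URL.search(cmdline):
        reasons.append(f"{image} pointed at a remote URL")
    if image in SCRIPT_HOSTS and USER_WRITABLE.search(cmdline):
        reasons.append(f"{image} running a script from a user-writable path")
    if image in SHELLS and parent in SCRIPT_HOSTS:
        reasons.append(f"{image} started by script host {parent}")
    return reasons

def triage(events):
    """(host, reason) pairs for every rule an event matched."""
    return [(e["host"], r) for e in events for r in review_reasons(e)]

# Constructed sample events (not real telemetry).
W = "C:\\Windows\\System32\\"
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent_image": "C:\\Windows\\explorer.exe",
     "image": W + "cmd.exe", "command_line": "cmd.exe /c dir"},
    {"host": "ws-02", "parent_image": "C:\\Program Files\\Office\\WINWORD.EXE",
     "image": W + "mshta.exe", "command_line": "mshta.exe https://example.invalid/a.hta"},
    {"host": "ws-03", "parent_image": "C:\\Windows\\explorer.exe", "image": W + "wscript.exe",
     "command_line": 'wscript.exe "C:\\Users\\a\\AppData\\Local\\Temp\\invoice.js"'},
    {"host": "ws-03", "parent_image": W + "wscript.exe",
     "image": W + "cmd.exe", "command_line": "cmd.exe /c whoami"},
]

if __name__ == "__main__":
    print(*triage(SAMPLE_EVENTS), sep="\n")
```

The ordinary `explorer.exe` to `cmd.exe` launch on ws-01 matches no rule, which is the point: the binary alone is not the signal, its parent and arguments are.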

4. Attacks reach beyond Windows.

In the past, cyberattacks most often targeted Windows operating systems. But we’ve seen a growing number of attacks on Linux-based systems, macOS platforms, and even mobile applications. Financial fraud rings have unfolded alongside the rise in mobile attacks, some expanding globally. These organized crime campaigns involve specialized criminals like fake social profile builders and fraudulent web and application developers who execute social engineering tactics.

In these scenarios, fraudsters will develop fake social profiles to convince users to invest in illegitimate cryptocurrency and financial markets. And while malware attacks on Android aren’t a new trend, iOS users are now also susceptible to these attacks because fraudsters have learned how to bypass Apple’s security measures. Strong user authentication, phishing training, and regular penetration testing can help maintain mobile application security.

Cybercriminals are showing no signs of slowing down — just look at the 167% rise in data breaches from Q2 to Q3. In addition to encouraging good cybersecurity hygiene and deploying layered protection, it’s crucial to know when to outsource functions like threat detection and response.

To learn more, download the Sophos 2023 Threat Report for a closer look at the trends and events that continue to shape the cyberthreat landscape.
