Intel 471, the premier provider of cyber threat intelligence for leading intelligence, security, and fraud teams across the globe, today released The 471 Cyber Threat Report: 2022-2023 Trends & Predictions. This research analyzes recent and commonly used tactics, techniques and procedures (TTPs) that have been adopted by prominent threat actors, how these threats have affected enterprises, along with predictive intelligence assessments on threats that organizations should be prepared to thwart over the next year.
The report details the most impactful threats that fueled the cybercrime ecosystem over the past year and the TTPs employed by the actors behind them. It provides recommended steps organizations should take to protect themselves against existing and emerging threats on the horizon.
“It is important to not only draw attention to the TTPs commonly used by the most capable threat actors but also to provide rich context for how these TTPs can impact organizations at every stage of the cyberattack chain, and how they can be countered by tactical defenders and senior decision makers,” said Intel 471 Chief Intelligence Officer, Michael DeBolt. “The findings of our latest research will help arm organizations with the adversary, credential, malware and vulnerability intelligence they need to refine their cyber defense strategy, adjust their security practices and prepare for 2023.”
Other key takeaways from the report include:
- Prominent cyber threats observed over the past year include compromised access and data, ransomware, the return of Emotet malware and exploitation of vulnerabilities. Many of these can be mitigated with a comprehensive identity access password program and a patching and update policy, as well as continuous monitoring for compromised credential breaches across third parties.
- Evolving threats included hacktivism, one-time password (OTP) bypass services, supply chain attacks and information-stealer malware. It is crucial to foster a culture of cybersecurity awareness to combat employee negligence synonymous with both OTP and information-stealer malware.
- The threat landscape will continue to be shaped by an increase in ransomware attacks and a demand for network access; threat actors will persist in capitalizing on security vulnerabilities, and hacktivism will likely remain a threat.
Intel 471 also identified a number of cyber threat trends that will likely dominate the landscape in 2023 and beyond:
- As prominent ransomware groups such as LockBit continue to offer evolving products with targeted services, vulnerabilities have reduced in quantity whilst increasing in severity. In fact, last year several vulnerabilities accounted for some of the biggest threats faced by organizations.
- World events have further complicated the threat landscape, with Russia’s invasion of Ukraine acting as a catalyst for further polarization of the underground. The most prolific threat to date has been KillNet, a pro-Russian group that gained notoriety through orchestrating distributed denial-of-service (DDoS) attacks against pro-NATO countries and organizations.
- Threat actors monetized criminal services to great success in 2022. Multi-factor authentication (MFA) is a common security practice, and threat actors are turning to OTP bypass services to circumvent this layer of security. This area of the underground ecosystem will likely grow as demand increases for these services in the future.
- The use of information-stealers will continue into 2023; since the beginning of 2022, there has been a substantial uptick in offerings when compared to the same period of 2021.
“With the constant evolution throughout the cyber threat landscape and resilience that threat actors continue to display, organizations need insights based on research and intelligence surrounding the most prominent threat actors to understand their activities and to stay ahead of the next attack,” DeBolt added. “Just as threat actors and groups are adjusting their methods to remain resilient against new and emerging security measures, organizations should be staying abreast of key TTPs employed by adversaries and adjusting their security systems based on that intelligence to tackle new and refined ways of being compromised.”
The report also includes case studies on LockBit 2.0, the most impactful ransomware strain observed by Intel 471 from November 2021 through May 2022, and the release of version 3.0, which is shaping up to be just as impactful as 2.0, as well as on the 2022 Russian invasion of Ukraine and subsequent appearance of pro-Russian hacktivist groups.
To help organizations protect themselves from threat actors and their continuously evolving TTPs, The 471 Cyber Threat Report includes a series of mitigation recommendations to help organizations and their security teams harden their security practices, detect potential threats, and isolate their sensitive information to avoid falling victim to new ransomware strains and malware.