Evolving cyber threats in 2023

To stay competitive and relevant in business, we have to understand how to move at the pace of technology. We see this on both the consumer and business sides – expectations evolve alongside emerging trends, such as AI and machine learning.

The same is true for cybercriminals. They also move at the pace of technology, and they’re counting on businesses to be behind the curve. While many attacks are known, such as phishing, business email compromise (BEC), and ransomware, tactics are evolving and becoming layered and more sophisticated. Businesses that are protecting against an old form of attack may be vulnerable again and succumb to a newer evolution of the same attack.

A resilient organization is a prepared organization, and the best way to be prepared is to be knowledgeable about these new cyber threats. We’ll get you up to speed with a summary of how attacks have recently evolved, and what your business can do to protect itself.

Ransomware + DDoS = Ransom DDoS

One of the ways hackers are becoming more sophisticated is by combining powerful tactics to add even more pressure on their targets. Ransomware and distributed denial-of-service (DDoS) attacks have combined in two ways – Ransom DDoS and triple extortion.

In a DDoS attack, bad actors are trying to make a network resource or machine inaccessible to the intended users. This is often done by sending a large volume of requests to a website’s server. If a company isn’t prepared, this may bring down the site, make it slow, or make it inaccessible to legitimate website visitors. The downtime a company experiences due to a DDoS attack can significantly impact business operations, order fulfillment, reputation, and eventually, revenue.

Ransom DDoS employs the same tactics, but also includes ransomware elements such as asking for payment from the target before the DDoS attack is lifted. A few different groups have taken credit for ransom DDoS attacks, including Armada Collective and Fancy Bear.

With triple extortion, the attacks are more layered. First, the ransomware is deployed. This usually begins with sending an infected link or email attachment to the target. Once the receiver opens it, the ransomware starts encrypting files, locking users out.

From there, attackers threaten to leak sensitive data they have encrypted unless the organization pays the ransom. If that doesn’t work, they move on to the third step, applying pressure via DDoS attacks. A business that is already feeling the stress from the ransomware may be quicker to pay to eliminate the additional strain on their business caused by DDoS attacks. In Q1 2023, 16% of Cloudflare-surveyed customers reported ransom DDoS attacks up 60% compared to last year. So far, the highest month for attacks was November 2022, coinciding with the busy holiday season.

Deepfakes to aid BEC attacks

Business email compromise (BEC) attacks already cause a lot of financial damage. In this type of phishing tactic, a hacker sends an email pretending to be someone the recipient already knows, such as a vendor or a coworker. In these attacks, the sender asks for money or sensitive information, which the target may give over willingly, not realizing the entity sending the email is an impersonator.

Now, bad actors are taking things one step further, using deepfakes to further convince victims that fraudulent emails are legitimate. While AI voice cloning technology is still in its early stages, organizations are already using it to try to extract money — just listen to this example of a deepfake audio that was sent to a tech firm where criminals used an AI-generated voice to impersonate the CEO of the company.

Virtual meetings have also become a useful attack avenue. Hackers are using virtual meetings in several ways: Inviting employees to meetings and using deepfakes on the audio calls, attending meetings to extract important information about the company, and using the cover of a virtual meeting as a reason the “CEO” or another high-level executive they are pretending to be needs something done urgently.

Cybercriminal gangs are getting serious

When we talk about bad actors in this article, that’s not painting the whole picture of how the cyber threat landscape is changing. Criminals are getting more organized around exploits, attacks, and malware, turning what used to be more isolated operations into streamlined enterprises.

One way hackers are doing this is by selling exploit packs that contain malware or ransomware. These kits can be purchased on the black market by people who don’t have much experience in creating malicious code of their own. Some are even paired with technical support. It was reported last year that amateur hackers could purchase malware kits for $10 and compromised system credentials for $5.

Gone are the days when a cybercriminal needs to know how to conduct every part of an attack to pull one off successfully. Hackers are now forming business-like entities with specialties and getting into alliances with groups that have complementary skills. For example, some groups that may be best at infiltration are joining forces with others that are best at exfiltration. There are even support systems that have formed, where bad actors can share tips with one another, troubleshoot, and ensure targeted attacks are more successful. Several cybercriminal gangs have been in the news, including FIN7, an organization that infiltrated the SEC through a spear phishing attack and is believed to have accumulated billions of dollars through its criminal activities.

The software supply chain is at risk

Commonly used open-source environments are like unlocked file cabinets in your house. You probably don’t give them much thought, and if you do, you might think they’re not worth securing. However, if someone came into your house and rummaged through that cabinet, they might be able to walk away with something really valuable.

Hackers are now going after commonly used open-source environments. New vulnerabilities and exploits are being found in places like Linux, GitHub, and GitLab. Companies may think these aren’t areas worth securing, but they can cause major damage if they aren’t considered. Just last year, a vulnerability was found on GitHub that would have allowed an attacker to control a repository and subsequently impact millions of users with malicious code in one fell swoop.

How organizations can stay prepared against cyber threats

Being prepared for incoming threats is half the battle when it comes to cybersecurity. However, problems in implementation arise with limited time, budget, and internal resources.

Keeping tabs on evolving threats could be the role of one dedicated employee, but most teams don’t have the bandwidth or budget for that. There are so many other demands on your day that staying plugged into the newest trends in cybercrime can quickly fall to the bottom of the list.

Security training and building a culture of security can also protect against a number of threats, but it will only get you so far. Even if everyone in the organization knows how to spot common tactics and is trained in how to respond to and report them, emerging threats can outpace education.

Vulnerability management is also key. The most critical vulnerabilities need to be patched fast because cybercriminals are also paying attention to them. However, this can get overwhelming quickly. How do you determine which vulnerabilities are most important to address and patch? It can be impossible to tackle them all, so learning how to prioritize is essential.

All of these barriers to preparation can be countered with a fully managed cybersecurity program. Outsourced security can help you stay on top of threat development, train your employees on evolving tactics, provide practical vulnerability management, and more.

To learn how SolCyber can help you keep in step with the changing cyber threat landscape, talk with us today. 

Follow us on the following social platforms!

LinkedIn: https://www.linkedin.com/company/solcyber-managed-security-services/

Twitter: https://twitter.com/SolCyberMSS

Facebook: https://www.facebook.com/solcybermssp

Instagram: https://www.instagram.com/solcyber_mssp/