Happy “It’s not 2023 anymore!” Last year was chaotic and sometimes downright terrible — but do you even work in IT if that isn’t the case?
Per usual, we saw more than our fair share of cybersecurity threats — but four specific threats continued to catch our eye as we read through the headlines. In this blog, we’ll discuss those four threats, including headlines that featured them in 2023 and how you can bolster your proactive cybersecurity measures for a safer 2024.
It’s like Spotify Wrapped, but way more nightmare inducing!
Social engineering
You just couldn’t write a list of top cybersecurity threats in 2023 without mentioning social engineering. Social engineering occurs when a threat actor uses some form of manipulation to trick someone into willingly giving out personal information, such as login credentials. One of the most popular social engineering tactics is phishing, where a threat actor attempts to lure an unknowing person into taking an action, such as clicking on a link or entering personal information into an illegitimate form. When this occurs in a business setting, it’s known as business email compromise, or BEC.
With that said, it’s unsurprising that business email compromise attacks doubled between 2022 and 2023, accounting for more than 50% of all social engineering incidents. Equally unsurprising is that nearly all — 95% — of these attacks were financially motivated. In short, where there’s money, there’s a slimy threat actor trying to get it.
Social engineering in the news
Social engineering made the headlines many times in 2023, with one of the most prolific attacks targeting MGM Resorts International. Hackers socially engineered MGM’s IT help desk team and gained login credentials, enabling them to obtain customers’ private data, including contact information, gender, birth dates, and driver’s license numbers. It’s estimated that this attack cost MGM $100 million in profits.
How to defend against social engineering
Let’s face it: The cards are stacked against us (no gambling puns intended) when it comes to social engineering. What hope do our end users have if hackers are clever enough to phish a trained IT help desk team?
This is why awareness and training are so important. When The Pandemic That Shall Not Be Named took hold and the world went remote, cyberattacks increased — and so did pandemic-specific security awareness training. And 80% of organizations claimed that this training helped their end users better spot phishing attempts.
In 2024, we need to continue training our end users and helping them learn what to look for. Threat actors love to incorporate a sense of urgency in their social engineering attacks, so end users should know to take a breath and a step back whenever an “urgent” email or text message comes through. What’s urgent now will still be urgent in an hour, giving end users some time to verify that the message is legitimate.
Vulnerability exploitation
Vulnerability exploitation was another top cybersecurity threat in 2023. Vulnerability exploitation occurs when threat actors actively seek out vulnerabilities and take advantage of these weak spots to wreak havoc. In CrowdStrike’s 2023 Global Threat Report, security researchers noted a recent trend where threat actors use one exploit to try to compromise multiple products that the same or a similar vulnerability impacts.
For example, think back to 2021 when Log4Shell all but ruined the holiday season. Hackers used components of this exploit to spawn an entirely new exploit, CVE-2021-44228. This wretched vulnerability extended the wrath of Log4Shell by making it possible to exploit additional products that Log4Shell couldn’t originally exploit. Worst Christmas gift ever — but it sure did keep on giving. 😅
Vulnerability exploitation in the news
In December 2023, Comcast broke the news that nearly 36 million Xfinity customers had their information stolen via vulnerability exploitation. Hackers leveraged the Citrix Bleed vulnerability to gain access to Comcast’s systems in October, collecting usernames and hashed passwords. And while vendors had patched the Citrix Bleed vulnerability by early October, many organizations didn’t get that memo, giving threat actors just the time they needed to do their nefarious deeds.
As bad as this vulnerability exploitation was, perhaps the worst headlining vulnerability exploitation in 2023 was the MOVEit exploit — just from its sheer reach. Ransomware group CL0P exploited a zero-day vulnerability in MOVEit Transfer, a file-sharing program. They gained personal data from more than 2,000 businesses, governments, and schools worldwide — impacting a jaw-dropping 62 million people.
How to defend against vulnerability exploitation
Here’s the part where we get to sound like a broken record. The best way to defend against vulnerability exploitation is to patch. The second threat actors catch wind of a new vulnerability, you can bet they’re working on a way to exploit it. It’s a literal race against the clock between eager threat actors with dollar signs in their eyes and vendors that need to develop a working patch for their impacted hardware or software.
Once a patch is available, it’s up to you to beat threat actors to the punch. Patch your systems against vulnerabilities — particularly critical ones — as soon as possible. And zero-days? Those patches are red-alert scenarios where you leave the restaurant (doggy bag optional) and return to the office to patch.
Vulnerability exploitation educational resources from PDQ
We love a good patch ’round these parts — so much that we break down exactly what you need to know in our monthly Patch Tuesday blog posts. And you’ll likely catch us talking about patches in our weekly webcast, which streams live every Thursday.
Ransomware
Of course, ransomware is a top cybersecurity threat this year. It’s a top cybersecurity threat every year, as Verizon jokes throughout its 2023 Data Breach Investigations Report (DBIR). Ransomware is an attack tactic where threat actors encrypt your data and hold it hostage until they receive a ransom, or payment.
The 2023 DBIR ranks ransomware as one of the top instigators of data breaches for yet another year. Ransomware is involved in almost a quarter of all breaches. And a study IBM Security X-Force conducted found a 94% decrease in the time it takes to detonate ransomware once gaining initial access. (Are we really trending toward decreasing dwell time?! And if so, do we clap? Are we scared? Mixed feelings there, for sure.)
Ransomware in the news
Want to know how prevalent ransomware was in the news in 2023? The search term “ransomware in the news 2023” returned 34.4 million results on Google. In other words, take your pick on a ransomware headline. 😅
One that we found particularly interesting happened in early 2023. Just as we flipped our calendars to a new year, threat actors flipped Royal Mail’s operations upside down. The LockBit ransomware group encrypted Royal Mail’s most essential data, bringing shipments to a screeching halt until LockBit received an $80 million ransom payment. And to that, Royal Mail said, “No deal,” so LockBit followed through on its threat and released the data on the dark web.
How to defend against ransomware
The best protection against ransomware is to practice good cyber hygiene. Patch, back up your data, train your end users on cyber best practices, implement multifactor authentication where you can — all the basic rules you’re likely blue in the face from preaching to your end users.
Insecure cloud computing
Insecure cloud computing was an interesting cybersecurity threat that kept popping up. But when 94% of enterprises rely on cloud services, it kind of makes sense.
Like most everything IT pros touch, cloud computing services are what you make of them. They’re only as secure as you and your cloud provider make them. And don’t get us wrong: The cloud can be perfectly safe, but only if you properly implement the right security measures. But according to cloud security provider Thales, more than a third (39%) of businesses have dealt with a cloud data breach in the last year. The key cause? Human error.
Cloud infrastructure isn’t inherently more dangerous than on-prem resources, but less than half (45%) of cloud data is encrypted at rest. Even worse, CrowdStrike reports that cloud exploitation cases increased by 95% between 2021 and 2022. It also notes that threat actors increasingly tamper with authentication processes and attack identities to gain a foothold in cloud environments, whereas in the past they simply circumvented antivirus and firewalls.
Insecure cloud computing in the news
In November 2023, security vendor GreyNoise broke the unfortunate news of a cloud vulnerability rated a 10.0 on the Common Vulnerability Scoring System (CVSS). Cloud provider ownCloud suffered a zero-day vulnerability that impacted its graphapi app. In turn, threat actors could access sensitive data, such as admin passwords and license keys, and gain admin privileges on the ownCloud servers.
How to defend against cloud-based attacks
Aside from typical cyber hygiene best practices (e.g., using MFA, not sharing passwords, etc.), Microsoft recommends encrypting your cloud data and knowing your security responsibilities for your cloud environment. Those responsibilities may look different, depending on your cloud provider of choice — but as Microsoft notes, “Maintaining and securing data, devices, and identities is always the customer’s responsibility.”
We also spent some additional time in the cloud developing our new agent-based device management tool built specifically for remote and local devices. PDQ Connect can help you deploy tested patches quickly, giving you a leg up in the race against threat actors. Try it free for 14 days.