Chad Skipper, Global Security Technologist at VMware, analyses the lessons learnt during this year and reveals his predictions for 2023.
This year has been a headline year for critical data breaches and cyberattacks, overshadowing defence milestones achieved by security teams across the globe. While businesses have been updating response tactics in line with the surge in cybercriminal activity, it is clear that organisations are still struggling to adequately protect their assets from thieving hands.
In the last 12 months alone, we’ve seen cybercriminals successfully target major organisations across a variety of industries, including Toyota, which suffered a data breach after a third party accessed a company server using credentials obtained from source code that a contractor had published on GitHub. Cisco also confirmed a cyberattack after an employee’s credentials were compromised and the attacker was observed leveraging machine accounts for privileged authentication and lateral movement across the environment.
These breaches facilitated by lateral movement strategies, mass phishing expeditions, and sophisticated ransomware have substantially undermined network security resulting in reputational damage for many businesses and ultimately losses of customer trust. As we reflect on the year past, while it is important to acknowledge the many successes of security teams, it is also crucial to take learnings from these high profile breaches to avoid history repeating itself.
I predict there will be five key challenges bound for enterprise cybersecurity teams in the year ahead: investing in responsive tech, lateral movement, aggressive API attacks, a rise in deepfakes, and cyber warfare.
Innovative instincts tackle evasion tactics
Threat response innovation has been the industry’s standout growth area in 2022. VMware’s Global Incident Response Threat Report (GIRTR) found that cybersecurity professionals are actively deploying new techniques, such as virtual patching to respond to incidents and counter cybercriminal activity. Although today’s threat actors possess an impressive portfolio of evasion tactics, the research unveiled that the majority of cybercriminals are inside the target environment only hours (43%) or minutes (26%) before an investigation occurs.
As threat response time is critical to network defence, meeting sophisticated threat actors at their level is mission-critical to protecting systems. Using innovative tactics to update response techniques is the first port of call in stopping malicious intent before it escalates – and one to focus on moving into 2023.
The new battleground
You can’t stop what you can’t see, and instances of lateral movement within an environment present an ever-expanding battleground for security teams as it lays the foundation for one-quarter of all attacks reported in VMware’s GIRTR. These infiltration techniques have been overlooked and underestimated by organisations this year. In April and May this year alone, nearly half of intrusions contained a lateral movement event, with most involving the use of remote access tools (RATs) or the use of existing services, such as the Remote Desktop Protocol (RDP) or PsExec.
In 2023, we expect cybercriminals will continue to utilise the Remote Desktop Protocol (RDP) to disguise themselves as system administrators. As we head into the new year, CISOs must prioritise the integration of EDR and NDR to defend data centres, access points, and critical infrastructure that attackers can compromise once they are past the external barriers.
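The lateral movement events described above (RDP sessions and PsExec use) leave a recognisable trail in Windows event logs, which is what an EDR/NDR integration is meant to surface. The following is an added example, not code from the original article or from VMware: a small detector run over a constructed set of Windows events that flags PsExec service installation (System log event 7045 creating the default `PSEXESVC` service) and RDP "fan-out", where one account from one source address opens RemoteInteractive sessions (Security event 4624, logon type 10) to several hosts within a short window. Hostnames, usernames, addresses and timestamps are all constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Windows constants (real values): 4624 = successful logon, logon type 10 = RemoteInteractive (RDP);
# 7045 = a service was installed; PsExec's default service name is PSEXESVC.
LOGON_EVENT_ID = 4624
SERVICE_INSTALL_EVENT_ID = 7045
RDP_LOGON_TYPE = 10
PSEXEC_SERVICE_NAME = "PSEXESVC"

# Detection tuning (assumptions for this example, not vendor defaults)
FANOUT_WINDOW_SECONDS = 600   # look at RDP sessions within a 10-minute window
FANOUT_HOST_THRESHOLD = 2     # >= 2 distinct hosts from one (user, source IP) is suspicious


@dataclass
class Event:
    """Minimal normalised view of a Windows event record (constructed schema)."""
    ts: int                      # seconds since an arbitrary epoch
    event_id: int
    host: str                    # host that logged the event
    user: str
    src_ip: str
    logon_type: Optional[int] = None
    service_name: Optional[str] = None


# Constructed sample telemetry: one user hopping across servers, plus benign noise.
SAMPLE_EVENTS = [
    Event(0,    LOGON_EVENT_ID,           "WS-101", "jsmith", "10.0.5.21", logon_type=2),   # console logon, benign
    Event(60,   LOGON_EVENT_ID,           "FS01",   "jsmith", "10.0.5.21", logon_type=10),  # RDP into file server
    Event(120,  SERVICE_INSTALL_EVENT_ID, "FS01",   "jsmith", "10.0.5.21", service_name="PSEXESVC"),  # PsExec
    Event(300,  LOGON_EVENT_ID,           "DC01",   "jsmith", "10.0.5.21", logon_type=10),  # RDP into DC
    Event(420,  LOGON_EVENT_ID,           "SQL01",  "jsmith", "10.0.5.21", logon_type=10),  # RDP into SQL server
    Event(500,  LOGON_EVENT_ID,           "FS01",   "backup", "10.0.9.3",  logon_type=3),   # network logon, benign
    Event(9000, LOGON_EVENT_ID,           "WS-202", "mlee",   "10.0.5.44", logon_type=10),  # single RDP, no fan-out
]

Actor = Tuple[str, str]  # (user, src_ip)


def detect_psexec(events: List[Event]) -> List[Event]:
    """Return service-install events whose service name matches PsExec's default."""
    return [
        e for e in events
        if e.event_id == SERVICE_INSTALL_EVENT_ID
        and (e.service_name or "").upper() == PSEXEC_SERVICE_NAME
    ]


def detect_rdp_fanout(events: List[Event],
                      window: int = FANOUT_WINDOW_SECONDS,
                      threshold: int = FANOUT_HOST_THRESHOLD) -> List[Tuple[Actor, Tuple[str, ...]]]:
    """Flag (user, src_ip) pairs whose RDP sessions reach >= threshold distinct hosts within `window` seconds."""
    rdp_sessions = sorted(
        (e for e in events if e.event_id == LOGON_EVENT_ID and e.logon_type == RDP_LOGON_TYPE),
        key=lambda e: e.ts,
    )
    by_actor = defaultdict(list)
    for e in rdp_sessions:
        by_actor[(e.user, e.src_ip)].append(e)

    findings = []
    for actor, sessions in by_actor.items():
        flagged_hosts = set()
        start = 0
        # Sliding window over this actor's sessions, ordered by time.
        for end in range(len(sessions)):
            while sessions[end].ts - sessions[start].ts > window:
                start += 1
            hosts_in_window = {s.host for s in sessions[start:end + 1]}
            if len(hosts_in_window) >= threshold:
                flagged_hosts |= hosts_in_window
        if flagged_hosts:
            findings.append((actor, tuple(sorted(flagged_hosts))))
    return findings


def summarise(events: List[Event]) -> dict:
    """Combine both detectors into one report a responder could act on."""
    return {
        "psexec": [(e.host, e.user, e.src_ip) for e in detect_psexec(events)],
        "rdp_fanout": detect_rdp_fanout(events),
    }


if __name__ == "__main__":
    for kind, hits in summarise(SAMPLE_EVENTS).items():
        print(kind, hits)
```

Neither signal is conclusive on its own: administrators legitimately use RDP and PsExec. The value comes from correlating the two against a baseline of who normally administers which hosts, which is why the article stresses pairing endpoint telemetry (EDR) with network visibility (NDR) rather than relying on either alone.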
Next year, we’ll continue to see the evolution of initial access tactics as cybercriminals attempt to gain a foothold in organisations. A main goal of such access is to carry out aggressive API attacks against modern infrastructure and exploit workload vulnerabilities within an environment. Most of the traffic within those modern applications is unsupervised API traffic, which fuels lateral movement as cybercriminals continue to use evasive techniques once inside the environment to evade detection on VDIs, VMs, and traditional applications. These initial access techniques will be increasingly attractive to malicious actors who are aware of organisations’ monitoring limitations and will hunt for vulnerabilities in those blind spots.
This year, deepfake attacks soared. We’ve seen deepfakes move from the entertainment sphere to business and enterprises. In fact, two thirds (66%) of businesses have reported witnessing a deepfake attack in the past 12 months. The technology leaves security teams battling false information and identity fraud designed to compromise an organisation’s integrity and reputation. Deepfake attacks, identified in email, mobile messaging, voice recording, and social media, are pliable enough to grow into the scammers’ weapon of choice.
Next year, we will see the number of deepfakes continue to soar. Businesses must take proactive steps to mitigate the risk of falling victim to deepfake-based scams via investments in detection software and employee training to ensure they are able to detect deepfakes.
The big red (digital) button
Critical infrastructure is facing a year of vulnerability as cybercrime toolkits will undoubtedly continue to develop behind national borders. The majority (65%) of respondents to VMware’s GIRTR reported an increase in cyberattacks tied to Russia’s invasion of Ukraine. Russia’s digital offensive has revealed a new era of warfare, designed to corrupt key industry services and bring infrastructure, such as power grids, to a standstill. Ukraine’s threat response readiness is vital to its defence, and cyber tactics will undoubtedly grow into a central component of modern armed conflict. Cyber warfare therefore highlights that vigilance is the crux of an effective cybersecurity strategy.
Security bootcamp for 2023
We may be heading into a new year, but the primary goal of cybercriminals stays the same: gain the keys to the kingdom, steal credentials, move laterally, acquire data, and then monetise it. To improve defence efficiency moving forward, security teams must focus on workloads holistically, inspect in-band traffic, integrate NDR with endpoint detection and response (EDR), embrace Zero Trust principles, and conduct continuous threat hunting. Only with this comprehensive rulebook will organisations empower security teams to face the challenges ahead.