
From the Darkweb to the Cloud: Enterprise Threats in 2023

By Claudio Martinelli - Kaspersky
Managing Director, Latin America and Caribbean


By Claudio Martinelli | Managing Director, Latin America - Tue, 02/14/2023 - 14:00


Last year was marked by significant international cyber incidents, especially in Latin America, where ransomware groups, such as Conti, ChileLocker and Guacamaya, wreaked havoc by leaking sensitive data and paralyzing the operations of companies and government services for several days. Unfortunately, the outlook for the next 12 months doesn’t look much different: the rise of malware-as-a-service and advanced persistent threats will continue to test organizations’ strength by exploiting new vulnerabilities, organizing massive supply chain incidents and targeting specific industries. Furthermore, the growing trend of cybercriminals using media to blackmail organizations, sometimes reporting alleged data leaks, and purchasing network access to previously compromised companies on the dark web are among the key threats that companies need to prepare for in 2023.

Hacker attacks repeatedly harm individuals, damage corporations, and can even threaten entire countries, and not just financially. Just as ransomware attacks have evolved to target the organizations that threat actors deem most likely to pay a ransom, the tactics used by those behind the attacks have also changed. Traditionally, cybercriminals would contact the victim directly once a network was compromised to privately demand payment; now, they post about the security breach in their blogs, where it can be picked up and reported on by news media, immediately setting a countdown timer to the publication of the leaked data.

Kaspersky analysts point out that ransomware actors are increasingly posting in their blogs about new, successful hacking incidents perpetrated on businesses. In fact, the number of such publications grew in 2022: the monthly peak exceeded 500 posts several times between the end of 2021 and the first half of 2022. In comparison, Kaspersky experts observed 200 to 300 posts monthly at the beginning of 2021. In September and November 2022, Kaspersky’s Digital Footprint Intelligence tracked roughly 400 and 500 posts, respectively. This trend is expected to continue developing in 2023 because this tactic benefits cybercriminals whether the victim pays up or not. Because data is the new gold, it is often auctioned, with the closing bid sometimes exceeding the demanded ransom.

Similarly, the trend of personal data leaks will continue into 2023. Although these leaks directly affect individuals’ privacy, they also regularly place corporate cybersecurity at risk. How? Well, people often use work email addresses to register with third-party sites, which can be exposed to a data leak. When sensitive information, such as email addresses, becomes publicly accessible, it may attract the interest of cybercriminals and trigger discussions of potential attacks on the organization on dark web forums. Additionally, the data can be used for phishing and attacks that use social engineering.

The rise of malware-as-a-service (MaaS) tools is also expected to fuel the growth of ransomware attacks this year. Kaspersky experts predict the complexity of attacks will increase, creating a situation where automated systems won’t be sufficient to ensure complete security. Furthermore, cloud technology is expected to become a popular attack vector, as digitalization brings increased cybersecurity risks. Kaspersky analysts also foresee that cybercriminals will tap dark web sites more often in 2023 to purchase access to previously compromised organizations, thus facilitating a network breach.

As the threat landscape rapidly changes, it is imperative that companies are able to adapt quickly to face the challenges of the new reality. To protect a large business or a government agency from trending threats, it is necessary to monitor the digital footprint of the organization. It is important to be prepared to investigate and respond to incidents, since it is not always possible to stop attackers before they penetrate a perimeter. The good news is that there are preventive measures and resources that can help companies avoid an attack and limit any potential damage.

Among the key measures an organization should adopt to protect itself from these growing threats are: keeping software updated on all devices to patch all known vulnerabilities; using threat intelligence information to stay on top of the latest tactics, techniques and procedures (TTPs) used by cybercriminals; and implementing Digital Footprint Intelligence to help security analysts explore an adversary’s view of company resources, as this allows them to discover potential attack vectors and adjust defenses accordingly.

In the event of a media report about an alleged data breach, the key to staying safe is to identify these messages in a timely fashion and initiate a response process similar to that used in information security incidents. Should the breach turn out to be real, services like Kaspersky Incident Response will help you respond, minimize the consequences, identify compromised nodes and protect the infrastructure from similar attacks in the future.

As we start a new year, it is important for organizations to take the lessons learned from 2022 and stay on top of the latest TTPs applied by threat actors to optimize and strengthen their cybersecurity strategy.
