Ongoing geopolitical risks from the war in Ukraine and expected threats such as vulnerability exploits and ransomware remain persistent and consistent, with threat actors conducting increasingly damaging attacks. Here's what you need to know.
72+ CVEs were disclosed per day in Q3 2022.
Source: ZeroFox
Vulnerability Exploitation
The threat from Common Vulnerabilities and Exposures (CVEs) and previously unknown software vulnerabilities (zero-days) increased in Q3 2022 – likely representing the new normal for exploit disclosures. What's more, high-profile vulnerabilities disclosed this quarter will continue to be exploited by threat actors despite the longstanding availability of patches.
Key Takeaways
- Vulnerabilities in the cloud and network perimeter — including routers, firewalls, and commonly used software modules — will likely continue to dominate the exploit landscape.
- Threat actors will continue to leverage high-profile vulnerabilities in widely used software long after security patches have been released.
Initial Access Brokers (IABs)
ZeroFox Intelligence saw a steady flow of attempts to sell illicit access to secure networks, based on monitoring covert communications channels, open marketplaces, and other sources. Most IABs continue to be driven by financial gain rather than ideological objectives.
Key Takeaways
- ZeroFox Intelligence anticipates a continued resurgence in threats from IABs given strong demand from buyers and the likelihood that disruption to IAB operations is only temporary.
- Threat actors may be pushed increasingly to more private means to sell illicit access, making the identification of activity more difficult.
Winter 2022 saw consistent IABs, listings, and prices.
Source: ZeroFox Intelligence
In Q3, infostealers deployed botnets to harvest nearly 45 million credentials.
Source: ZeroFox
Botnets
Botnets deploying information stealers continued to pose a significant threat to organizations, rapidly taking advantage of new exploits and upgrading detection evasion capabilities. Expansion of the botnet market continued, with new botnets — including Fodcha, Panchan, and the Mirai-based Enemybot — emerging to target web servers, modems, routers, Internet-of-Things (IoT), and Android devices.
Key Takeaways
- Botnets leveraged by Russia-aligned entities could exacerbate geopolitical tensions, particularly if more capable threat actors get engaged.
- Emotet is resurging, which poses an urgent, significant threat to organizations of all sizes, sectors, and locations.
Malware & Ransomware
The threats from malware and ransomware remain high and are unlikely to decrease given the ease of acquisition. However, both activities likely remained broadly consistent in Q3 2022, though the nature of the threat changed significantly. Threat actors demonstrated greater capability than in prior attacks in Q2 2022. High-profile attacks targeted the finance, manufacturing, retail, healthcare, and public sectors.
Key Takeaways
- A high volume of Malware-as-a-Service offerings will very likely sustain low barriers to entry for threat actors and drive down the price of acquiring highly capable malware.
- Ransomware operators may be struggling to elicit payments from victims, which means they will likely resort to more extreme pressure tactics that threaten to cause greater operational downtime and reputational damage.
Ransomware attacks take place every 11 seconds.
Source: National Law Review
Geopolitics and cybersecurity have become inextricably linked.
Source: Gartner
Geopolitics
As expected, Russia and its war in Ukraine were the primary drivers of geopolitical risk across industries in Winter 2022. Russia demonstrated an eagerness to deliberately worsen existing inflation, energy, and cost-of-living issues by strategically limiting energy supplies and using threat actors to target Western allies of Ukraine. On the other hand, malicious activities from other traditional sources of geopolitical tension, like China and Iran, are minor in comparison.
Key Takeaways
- In the short term, businesses with physical operations or sales in EU states, particularly those with close geographic or cultural ties with Russia, should be prepared for an increase in low-level cyber threat activity.
- A wave of economic defaults before 2023 – triggered by the war – has the potential to strain business operations. The energy crisis, particularly for natural gas, will worsen.
01 Manufacturing
Manufacturing emerged as the world's most hacked industry in 2022, driven primarily by quarter-over-quarter exploits of both known and unknown vulnerabilities.
02 Healthcare
Threats from Initial Access Brokers and ransomware are on the rise, putting sensitive patient healthcare information and personally identifiable information at risk.
03 Public Sector
Ransomware remains an urgent concern for government and public sector agencies as criminals seek new ways to steal sensitive information.
04 Financial
The financial sector faced a notable increase in social engineering attacks, including threat actors leveraging techniques to bypass multi-factor authentication (MFA).
05 Energy
The energy sector saw one of the biggest increases in threats of any sector in Q3 2022 due to the ongoing war in Ukraine, as well as expected threat growth from IABs and ransomware.
06 Retail
Vulnerability exploits and ransomware continue to be the most common attack vectors against retail. Winter 2022 also saw growth in social engineering attacks.
Only unified external cybersecurity can protect you beyond the perimeter.
Social Engineering
Social engineering remained one of the most frequently reported intrusion tactics in Q3, across all industries. This increasing trend will surely continue based on the effectiveness of tactics like smishing, callback phishing (vishing), and phishing techniques that bypass MFA.
Key Takeaways
Cybercriminals use social engineering in 98% of attacks.
Source: PurpleSec