While there have been major developments in areas such as data
security, cloud computing, and artificial intelligence over the
past year, threat actors are becoming increasingly aggressive,
sophisticated and, in some cases, coordinated and targeted.
Organizations must stay alert to the evolution of the
cybersecurity landscape in order to implement effective strategies
to keep their networks safe from potential threats. In 2022, we
observed a number of significant trends and moments that shaped the
state of play for organizations around the world. In this article,
we will look at the key cybersecurity trends and moments that
defined 2022, as well as predictions for 2023.
The Trends that Defined the Cyber Threat Landscape in 2022
#1 Nation-state threats continued to rise alongside
geopolitical turmoil.
Major geopolitical events in 2022 have contributed to a dramatic
shift in cybersecurity threat actors and the way data privacy is
handled. In particular, malicious activity around the world has
highlighted the need for increased security measures to protect
against nation-state threat actors, prompting governments around
the world to implement new cybersecurity regulations. Below are the
most noteworthy nation-state threat actors of 2022:
- Russia has increased its activity but has become more
opportunistic and less coordinated in its cyberattacks on
Ukraine. The Russian Federation stood out as a major
threat actor in cybersecurity due to the cyber-attacks they
conducted. A significant portion of Russian-based threat activity
was directed at Ukraine-based entities and their allies. Multiple
government entities in Costa Rica were breached, and ransomware
campaigns and data breaches targeted companies and healthcare
organizations worldwide. US companies reported a 16% increase in
cyber-attacks attributed to Russia since the invasion of Ukraine.
1 However, when it comes to attacking Ukrainian
infrastructure, opportunistic events by Russian hackers became more
common, unlike the beginning of the war, when assaults were far
more sophisticated and coordinated. 2 Even so, at least
since May 2022, pro-Russian groups such as Killnet and Sandworm
have conducted targeted attacks in support of Russia’s
interests, ranging from Lithuanian to U.S. state government
websites.
- China conducted cyberattacks and built up an arsenal of
zero-day vulnerabilities. The People’s Republic of
China was also a major threat actor in 2022, as evidenced by the
Billbug (a.k.a. Thrip, Lotus Blossom, Spring Dragon) campaign
targeting certificate authorities, government agencies and defense
organizations in multiple countries. * 3
Furthermore, China’s ability to identify and stockpile zero-day
vulnerabilities before other nations has been bolstered by a law
implemented in 2021 that requires all Chinese entities to report
discovered vulnerabilities to the government before any other
disclosures are made. The success of this law is evidenced by the
fact that 2022 saw reduced levels of public disclosure of
cybersecurity vulnerabilities coming from China compared to
previous years, while at the same time there was an increase in
anonymous reports. All this points towards an arsenal of unreported
software vulnerabilities at the disposal of the Chinese
government. 4
- Iran was particularly aggressive with a number of
destructive attacks. Iran was a relevant cyber threat in
2022 given its aggressive behavior following a transition of
presidential power. Iran demonstrated its capabilities to launch
destructive attacks by setting off emergency rocket sirens in
Israel. 5 Furthermore, Iranian actors have been engaging
in ransomware attacks against nation-state targets with no intent to
ever provide the key, suggesting an intention to cause destruction
rather than gain financially from the attack. This activity was
evidenced when the Albanian government severed diplomatic ties with
Iran following a July 15 ransomware attack that temporarily shut
down numerous Albanian government digital services and websites.
6 The sophistication and aggression of these activities
indicate why Iran was considered a significant cybersecurity threat
in 2022.
- North Korea continues to target critical industries
with ransomware. The Democratic People’s Republic of
Korea engaged in cyber activity using its most notorious threat
group, Lazarus. Spear phishing campaigns used fake job offers from
companies such as Amazon and Coinbase in an attempt to compromise
sensitive data. State-sponsored actors employed various types of
malware and ransomware to target critical industries like
healthcare, energy, aerospace, and defense. For instance, two
U.S.-based healthcare providers had to pay ransoms in order to
decrypt their systems. Overall, these incidents serve as a reminder
for organizations to take proactive steps in protecting their data
from cyber threats posed by North Korean actors. 7, 8
#2 Supply chain risks became deadlier with targeted critical
infrastructure attacks.
Major supply chain disruptions have been caused by cyberattacks:
NotPetya infiltrated Maersk’s systems after a single computer
was infected with malware in 2017, while hackers breached Colonial
Pipeline in 2021 using compromised credentials. SolarWinds also
suffered a major cyberattack in 2020, attributed to the compromise
of third-party credentials and/or access. More recently in 2022,
Okta was struck by LAPSUS$, 9 an attacker infiltrated
GitHub using stolen OAuth app tokens, 10 and
Comm100’s infrastructure was hijacked and a backdoor hidden in
the chat installer. 11 Such events served as reminders
of the importance of vigilance against various threat actors and
of maintaining protocols to protect supply chains, and they made
companies more aware of the risks associated with software supply
chain attacks in 2022. A survey by ReversingLabs showed that supply
chain cybersecurity is high on security professionals’ priority list,
with 98% of people surveyed agreeing that the use of open source
code and 3rd party software, coupled with potential threats from
software tampering, are substantially raising their security risks.
Furthermore, 87% are aware that this type of tampering can lead to
serious security issues inside their business. 12
Furthermore, ICT infrastructure suppliers are increasingly being
targeted by cybersecurity threat actors, as they provide a platform
for the replication of malicious attacks, with pro-Russia hacker
group Killnet even targeting the Eurovision Song Contest this year,
albeit unsuccessfully. 13 As a consequence, global
legislation and regulation pertaining to data privacy and supply
chain security have also become more stringent, often with varying
requirements between jurisdictions, and customer demand for
resilient security solutions is also growing rapidly. 14
Some have opted to take steps to address these risks, with 53%
of organizations planning to increase their cybersecurity spending
for 2023. 15 According to the Verizon Data Breach Investigations
Report (DBIR), attacks on supply chains increased dramatically
during 2022. Furthermore, these threats are made more complex due
to the interconnected nature of global environments. As a result,
90% of supply chain leaders have indicated plans to pursue
regionalization in order to mitigate these potential third-party
risks. 16
Notwithstanding initiatives to secure systems, supply chain
attacks show no sign of declining considering the trend of recent
years. Thus, professionals believe supply chain cyberattacks will
continue to grow in number and sophistication. 17
#3 The shift from “prevention” to “detection and
response” continues.
The continued trend from 2021 of shifting cybersecurity focus
from prevention to detection and response remained in full swing
throughout 2022. Organizations were increasingly recognizing the
need for proactive and effective threat hunting, incident response,
data privacy protection, and more advanced security analytics
capabilities. The emergence of new threat actors, especially
those using artificial intelligence (AI) assisted
tactics, kept organizations on their toes as malicious actors
took advantage of vulnerabilities previously overlooked or left
unprotected. In this shift, which will continue into 2023, the
proliferation of the following developments is noteworthy:
- Managed Detection and Response (MDR) Systems:
In 2022, managed detection and response (MDR) experienced rapid
growth and adoption across the cybersecurity market. This is
largely attributed to an increase in both complexity of
cybersecurity threats and the number of threat actors targeting
organizations. The ability of MDR solutions to quickly detect and
respond to such threats has become increasingly attractive as
organizations strive to reduce their time-to-detect and thus
mitigate the impact of these events. The use of MDR also saw a
shift from being limited to larger organizations with extensive
resources, towards all sizes of organizations relying on it, due to
its affordability, scalability, and flexibility. As more data
privacy regulations are enacted, there is also an increased focus
on data protection and compliance, including the need to detect and
respond quickly to any potential security incidents. This
accelerated the demand for MDR solutions in 2022. 18
- Next Generation Antivirus (NGAV): In 2022,
Next Generation Antiviruses (NGAVs) began to take center stage in
cybersecurity due to the increasing sophistication of threat actors
and the emergence of fileless attacks. As such, organizations
realized that Legacy Antiviruses were no longer adequate in
preventing cyberattacks, as attackers had found ways to bypass
these defenses. To combat this, NGAV became a necessity as it
provides proactive rather than reactive protection against both
known and unknown threats. NGAV is cloud-based, meaning that
deployment can take place within hours rather than months, with no
additional hardware or software required. The burden of maintaining
software, managing infrastructure, and updating signature databases
is also eliminated. Additionally, customers are now able to install
up to 70,000 agents in a single day. 19
- Threat Intelligence: Threat intelligence is
the use of data, analytics, and insights to identify, assess and
respond to cyber threats. It is a proactive approach to
cybersecurity that enables organizations to stay ahead of the
rapidly evolving threat landscape. In 2022, the global market for
Threat Intelligence was estimated to be US$7.3 Billion and is
projected to reach a revised size of US$20.6 Billion by 2027,
growing at a CAGR of 16% over the period 2020-2027. 20
This rapid increase can be attributed to changes in data privacy
laws and regulations, an increased focus on data security by
organizations worldwide and the rise of new sophisticated threat
actors operating on a global scale. Law enforcement agencies are
also now leveraging real-time threat intelligence to proactively
combat human trafficking. 21
Looking to the horizon: The trends that will define 2023
#1 The transition to hybrid or fully-cloud environments will
accelerate.
The move to hybrid or fully-cloud-based infrastructures is a
steady trend that organizations should be mindful of when investing
in data protection. Mid-sized companies, in particular, have been
embracing security partners that offer a range of services as
opposed to relying on spot solutions and niche providers. As
infrastructure moves into the cloud, the on-premises footprint
diminishes, potentially leading to reduced security exposure;
however, it also increases exposure to risks in cloud technologies
and practices, which require specialized skill sets and strategies
for effective implementation. Organizations must remain cognizant of
these changes and ensure that robust cybersecurity and data privacy
measures, informed by current trends and threat actors, are in place
as they continue their transition to hybrid or fully-cloud
environments. It is
essential to stay abreast of the latest cybersecurity trends and
threats in order to protect confidential data and sensitive
information.
Organizations must prioritize data privacy as they navigate
their transition to cloud-based infrastructure, as it is pivotal
for continued compliance, trustworthiness, and customer
satisfaction. By taking a proactive approach to cybersecurity,
organizations can ensure the continued transition to hybrid or
fully-cloud environments is successful and secure.
#2 The economics of developing an in-house cybersecurity
function will continue to tilt.
The economics of developing an in-house cybersecurity function
have been a major concern for many businesses over the past few
years. In 2022, this was no different, with the cost of cyber
defense still largely outweighing the cost of attack.
As data privacy regulations become more robust and cyberattacks
are increasingly sophisticated, it is likely that in-house
cybersecurity functions will continue to be expensive for many
companies. To minimize costs, some organizations may consider
outsourcing part or all of their cybersecurity operations to
third-party vendors. At the same time, there is a risk that these
vendors may not be as secure or reliable as an in-house team.
Organizations looking to build their own cybersecurity defense
must also weigh the value of investing in newer technologies like
artificial intelligence (AI) and machine learning (ML). By
capitalizing on automation and advanced analytics, teams can
quickly identify malicious actors and protect against attacks more
efficiently than ever before. However, implementing new
tools can be expensive, especially for smaller businesses
with limited resources.
As trends such as AI, ML and data privacy regulation continue to
shape the cybersecurity landscape in 2023, budget-conscious
companies must be mindful of the trade-offs they are making when
deciding to invest in cybersecurity. The right balance between cost
and security is essential for organizations looking to ensure a
secure future.
#3 Artificial intelligence-driven automation tools will become
more effective but will require greater expertise to leverage
them.
As the sophistication of cyber threats continues to grow, so too
does the demand for more advanced cybersecurity solutions.
Artificial Intelligence (AI) and automation tools have become a
critical part of the cybersecurity landscape in 2022. AI-driven
automation tools are becoming increasingly effective at mitigating
security threats and can identify potential threats before they
become an issue. However, these automated solutions require greater
expertise to use than ever before.
While organizations are well advised to stay ahead of their
adversaries by embracing AI-driven tools, they must also be
cognizant of the new need for more experienced and specifically
trained professionals: organizations need access to a talent
pipeline of experienced analysts who understand how and when to use
these tools effectively. For example, new technologies such as
machine learning can automate the process of identifying malicious
actors, but analysts must still be able to accurately interpret the
data and understand when an attack is imminent. Automated tools
powered by advanced AI are more powerful than ever, but still
require continuous management and maintenance in order to remain
effective. As the market comes to terms with this reality, it is
also probable that opportunities for flexible managed service
providers will emerge.
Consequently, in 2023 there will be an increased demand for
cybersecurity professionals with experience using AI-driven
automation tools as organizations look to stay ahead of their
adversaries. It is likely that this trend will continue throughout
the next year and beyond.
#4 Regulation and regulatory scrutiny will continue to
intensify.
Regulation and regulatory scrutiny have become increasingly
important in the cybersecurity industry due to the prevalence of
cyber threats. This has led to an expansion of legislation designed
to protect companies and individuals from cyber-attacks,
safeguarding their data and privacy. Regulatory oversight in the
industry will continue to intensify as organizations become
increasingly aware of the need for secure practices when handling
highly sensitive information. Companies must now implement
stringent security measures, such as encryption methods and layered
access control, or face significant financial and reputational
penalties if a breach occurs. Going forward, organizations must
strive to stay up to date on current regulations, invest in
technologies that can help meet compliance requirements, and take a
proactive approach to cybersecurity while doing their utmost to
protect their customers’ information from malicious actors.
Footnotes
* Despite Billbug’s activity only having been noticed
in early March 2022, the state-sponsored group is thought to have
been operating for over a decade.
1 Cybersecurity: A Year in Review; Nasdaq,
2022.
2 Ukraine: Russian cyber attacks aimless and
opportunistic; TechTarget, 2022.
3 Chinese hackers target government agencies and
defense orgs; Bleeping Computer, 2022.
4 China is likely stockpiling and deploying
vulnerabilities, says Microsoft; The Register,
2022.
5 False Air Raid Sirens in Israel Possibly Triggered
by Iranian Cyberattack; Security Week, 2022.
6 Albania severs diplomatic ties with Iran over
cyber-attack; BBC, 2022.
7 APT trends report Q3 2022; SecureList,
2022.
8 Alert (AA22-187A): North Korean State-Sponsored
Cyber Actors Use Maui Ransomware to Target the Healthcare and
Public Health Sector; Cybersecurity & Infrastructure
Security Agency, 2022.
9 Updated Okta Statement on LAPSUS$; Okta,
2022.
10 Security alert: Attack campaign involving stolen
OAuth user tokens issued to two third-party integrators; GitHub
Blog, 2022.
11 Comm100 Installer Abused in Supply Chain Attack to
Distribute Malware; SOC Radar, 2022.
12 Survey finds software supply chain security top of
mind for dev teams — but tampering detection lags;
ReversingLabs, 2022.
13 Eurovision 2022: Russian vote hacking attempt
foiled, police say; BBC, 2022.
14 As CIOs tighten tech spend, demand for
cybersecurity services grows; CIO Dive, 2022.
15 Cybersecurity spending and economic headwinds in
2023; CSO, 2023.
16 Why Cybersecurity Has Never Been More Important for the Supply
Chain Sector; SupplyChainBrain, 2022.
17 Attacks on Software Supply Chains To Increase in
Severity in 2023: Report; Spiceworks, 2022.
18 WHAT IS MANAGED DETECTION AND RESPONSE (MDR)?;
CrowdStrike, 2022.
19 WHAT IS NEXT-GENERATION ANTIVIRUS (NGAV)?;
CrowdStrike, 2021.
20 Global Threat Intelligence Market to Reach $20.6
Billion by 2027; GlobeNewswire, 2022.
21 Combating Human Trafficking With Threat
Intelligence — Prosecution; Recorded Future,
2022.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.