2022 Cyber Threat Trends and 2023 Predictions

As we enter the new year, we're taking a look back at some of the most persistent cyber threat trends of 2022 according to our Quarterly Threat Landscape Reports and Scorecards. Regardless of industry, businesses have seen persistent threats from adversaries.

"We haven't seen a ton of big changes over the last year," says AJ Nash, ZeroFox's Distinguished Fellow of Intelligence. "But we have seen some things to take note of."

In this post, we broke down the most common cyber threat trends of 2022 based on research from the ZeroFox Intelligence team. We also will cover a look forward into 2023's challenges and positive aspects.

Looking Back: 2022 Impactful Cyber Threat Trends Heading Into 2023

Social engineering remained constant

Social engineering remained one of the most frequently reported intrusion tactics in 2023. These often sophisticated campaigns had a variety of motivations, including financial gain, geopolitics, and hactivism. This increasing trend will surely continue based on the effectiveness of tactics like smishing, callback phishing (vishing), and phishing techniques that bypass MFA. A few of the most notable social engineering threats to all industries include:

• Malicious email attachments remain a prominent method of disseminating malware.
• Continued targeting of desirable employees in job-related scams—especially those in leadership positions with elevated access levels, which increases the risk of financial harm or corporate exposure.
• Impersonating social media accounts of various businesses, government entities, and executives.

Botnets and Infostealers expanded

2022 saw the increase in the use of botnets. Botnets deploying information stealers continued to pose a significant threat to organizations, rapidly taking advantage of new exploits and upgrading detection evasion capabilities. Some of the newer botnets — including Fodcha, Panchan, and the Mirai-based Enemybot — emerged to target web servers, modems, routers, Internet-of-Things (IoT), and Android devices. These botnets exploited hundreds of millions of credentials, which were later sold in dark web marketplaces and forums.

Additionally:

• Botnets leveraged by Russia-aligned entities could exacerbate geopolitical tensions, particularly if more capable threat actors get engaged.
• Emotet is resurging, which poses an urgent, significant threat to organizations of all sizes, sectors, and locations.

Geopolitics changed the threat landscape

One of the main headlines of the year was Russia's war in Ukraine. This was the primary driver of geopolitical risk across industries in 2022. Russia demonstrated an eagerness to deliberately worsen existing inflation, energy, and cost-of-living issues by strategically limiting energy supplies and using threat actors to target Western allies of Ukraine. On the other hand, malicious activities from other traditional sources of geopolitical tension, like China and Iran, are minor in comparison.

These geopolitical tensions had an impact on nearly every type of threat. For example, geopolitical tensions correlated to a rise in ransomware attacks, botnets, and social engineering attacks.

Furthermore:

• In the short term, businesses with physical operations or sales in EU states, particularly those with close geographic or cultural ties with Russia, should be prepared for an increase in low-level cyber threat activity.
• A wave of economic defaults before 2023 – triggered by the war – has the potential for straining business operations. The energy crisis, particularly for natural gas, will worsen.

Rise of Malware-as-a-Service (MaaS)

We know how SaaS companies operate, but did you know that malware is being sold and used in the same way? 2022 saw a notable increase in MaaS providers. The threats from malware and ransomware remain high and unlikely to reduce given ease-of-acquisition. Threat actors demonstrated greater capability than in prior attacks in Q2 2022. High-profile attacks targeted the finance, manufacturing, retail, healthcare, and public sectors.

• A high volume of Malware-as-a-Service offerings will very likely sustain low barriers to entry for threat actors and drive down the price of acquiring highly-capable malware.
• If ransomware operators may be struggling to elicit payments from victims, which means they will likely resort to more extreme pressure tactics that threaten to cause greater operational downtime and reputational damage.

The vulnerability apocalypse is cancelled for another year

Despite a number of significant vulnerabilities disclosed in 2022, the exploitation rate was comparatively stable The amount of attention these vulnerabilities received due to the CVE rating system was not supported by actual malicious activity.

Additionally:

• Vulnerabilities in the cloud and network perimeter — including routers, firewalls, and commonly-used software modules — will likely continue to dominate the exploit landscape.
• Threat actors will continue to leverage high-profile vulnerabilities in widely-used software long after security patches were released.

Looking ahead: Challenges and changes in 2023

Budget cuts and reduced spending will impact security teams

With the potential of a recession looming, many companies are looking to restructure and reduce costs. Unfortunately, it is often the burden of security and IT teams to prove their value, which can be tough to do when they've done a good job. After all, the better job they do, the less they are seen by the rest of the enterprise -- like vigilantes in the night keeping criminals off the mainstream radar.

"There are so many vacancies in cybersecurity," says Nash. "Then when layoffs happen, there are lots of security people let go. When push comes to shove, business leaders roll the dice on risk, and that all trickles down on security teams. They say do more with less. To have that piled on top of Covid, I think it’s different than we’ve ever seen before. Security teams will be tied to overhead vs value."

Increase in automation will ease security team burden

With the challenge of layoffs comes the push for automation. However, that doesn't mean automation or AI will ever replace humans, just that it can augment the human experience and make it easier to work.

"The people who are left after layoffs are drained of energy and they may not have the pick me ups they used to have," says Nash. "Companies are going to regret believing they can just cut the security team. There’s not enough fear of the results of that. But on a positive note, we’ll see a new round of automation. There will be new technologies, efficiencies, and innovative ways to do the things that people have been doing."

Keep an eye on future trends

As you plan for another year of uncertainty, ZeroFox has you covered. You can download our Quarterly Threat Landscape Scorecards, as well as our Guide to External Cybersecurity to learn how to protect your enterprise in the new year.