Ongoing geopolitical risks from the war in Ukraine and expected threats such as vulnerability exploits and ransomware remain persistent and consistent, with threat actors conducting increasingly damaging attacks. Here's what you need to know.
The ZeroFox intelligence findings for Winter 2022 reveal a concerning reality: as business remains focused on fortifying internal security, threat actors continue to exploit opportunities beyond the perimeter. Protecting against these threats before they hit your environment must become a point of emphasis for a unified cybersecurity program.
Source: ZeroFox
The threat from Common Vulnerabilities and Exposures (CVEs) and previously unknown software vulnerabilities (zero-days) increased in Q3 2022 – likely representing the new normal for exploit disclosures. What's more, high-profile vulnerabilities disclosed this quarter will continue to be exploited by threat actors despite the longstanding availability of patches.
Key Takeaways
ZeroFox Intelligence saw a steady flow of attempts to sell illicit access to secure networks, based on monitoring covert communications channels and open marketplaces – and beyond. Most initial access brokers (IABs) continue to be driven by financial gain rather than ideological objectives.
Key Takeaways
Source: ZeroFox Intelligence
Source: ZeroFox
Botnets deploying information stealers continued to pose a significant threat to organizations, rapidly taking advantage of new exploits and upgrading detection evasion capabilities. Expansion of the botnet market continued, with new botnets — including Fodcha, Panchan, and the Mirai-based Enemybot — emerging to target web servers, modems, routers, Internet-of-Things (IoT), and Android devices.
Key Takeaways
The threats from malware and ransomware remain high and are unlikely to decline given the ease of acquisition. Both activities likely remained broadly consistent in Q3 2022, though the nature of the threat changed significantly. Threat actors demonstrated greater capability than in prior attacks in Q2 2022. High-profile attacks targeted the finance, manufacturing, retail, healthcare, and public sectors.
Key Takeaways
Source: National Law Review
Source: Gartner
As expected, Russia and its war in Ukraine were the primary drivers of geopolitical risk across industries in Winter 2022. Russia demonstrated an eagerness to deliberately worsen existing inflation, energy, and cost-of-living issues by strategically limiting energy supplies and using threat actors to target Western allies of Ukraine. On the other hand, malicious activities from other traditional sources of geopolitical tension, like China and Iran, are minor in comparison.
Key Takeaways
Manufacturing emerged as the world's most hacked industry in 2022, driven primarily by quarter-over-quarter exploits of both known and unknown vulnerabilities.
Threats from Initial Access Brokers and ransomware are on the rise, putting sensitive patient healthcare information and personally identifiable information at risk.
Ransomware remains an urgent concern for government and public sector agencies as criminals seek new ways to steal sensitive information.
The financial sector faced a notable increase in social engineering attacks, including threat actors leveraging techniques to bypass multi-factor authentication (MFA).
The energy sector saw one of the biggest increases in threats of any sector in Q3 2022 due to the ongoing war in Ukraine, as well as expected threat growth from IABs and ransomware.
Vulnerability exploits and ransomware continue to be the most common vectors for attacks on retail. Winter 2022 also saw growth in social engineering attacks.
Only unified external cybersecurity can protect you beyond the perimeter.
Social Engineering
Social engineering remained one of the most frequently reported intrusion tactics in Q3, across all industries. This increasing trend will surely continue based on the effectiveness of tactics like smishing, callback phishing (vishing), and phishing techniques that bypass MFA.
Key Takeaways
Cybercriminals use social engineering in 98% of attacks.
Source: PurpleSec