Critical for organizations to understand attackers' tactics, techniques, and procedures.
The 2023 mid-year cyber threat report card portends an ominous outlook with staggering data including the fact that 332 million cryptojacking attacks were recorded in the first half of 2023, and nearly 6 million encrypted threat attacks and more than 77 million IoT malware attacks transpired globally.
As cyberattacks continue to expand in scale and sophistication, the digital assault on governments, enterprises and global citizens is seemingly endless and evolving at a rapid pace.
Threat actors are increasingly seeking out opportunistic targets, such as schools, state and local governments, and retail organizations, and have continued shifting away from enterprise targets in the U.S. to regions such as Latin America and Asia - especially as organizations that are more prepared refuse to pay ransoms.
Unlike the cybercriminal gangs of years past, who relied on reputation and branding, today's attackers are largely operating in secret, in part due to recent advances by law enforcement.
By pivoting to lower-cost, less risky attack methods, such as cryptojacking, these attackers hope to reduce their risk of discovery while maximizing profit.
The current cyber threat outlook reveals an increasingly diversified landscape amid shifting threat actor strategies, requiring companies of all sizes to bolster their defenses.
Threat actors are increasingly moving away from traditional ransomware attacks in favor of stealthier malicious activities.
Case in point, overall intrusion attempts are up by 21%, encrypted threats jumped 22%, IoT malware rose by 37%, and we saw a record 399% surge in cryptojacking volume.
This year also firmly reinforced the need for cybersecurity in every industry as threat actors targeted everything from education to finance.
While organizations face an increasing number of real-world obstacles with macroeconomic pressures and continued geopolitical strife, threat actors are shifting attack strategies at an alarming rate.
It is critical for organizations to better understand the attackers' tactics, techniques, and procedures, and commit to threat-informed cybersecurity strategies to defend and recover successfully from business-disrupting events.
In addition to cyberattacks becoming more sophisticated and covert, threat actors are showing clear preferences for certain techniques, with notable shifts toward potentially soft targets like schools and hospitals.
Prominent ransomware attacks of recent-140.1 million thus far in 2023-have impacted enterprises, governments, airlines, hospitals, hotels and even individuals, causing widespread system downtime, economic loss, and reputational damage.
While March saw lower-than-expected ransomware, it also turned out to be an inflection point as ransomware rose in April, more than doubled in May, and jumped again in June, suggesting a solid rebound in ransomware as we continue moving through 2023.
Further, a number of these enterprises saw a huge growth in cryptojacking attacks, including education, government and healthcare.
While ransomware continues to be a threat, we can expect more state-sponsored activity targeting a broader set of victims, including small and medium businesses who may mistakenly believe that they will fly under the radar of sophisticated attackers.
Stay abreast of new reports on the cyber threat landscape.
Review and test cyber threat defenses on a monthly basis.
The cybersecurity community will continue its efforts to make information widely available to apprise, protect, and equip businesses of all sizes with the most accurate and up-to-date threat data to build stronger defenses and solutions to guard against malicious activities - particularly at precarious times like these, when threat actors and their attacks continue to evolve and attempt to evade detection.
This Cyber News was published on www.cyberdefensemagazine.com. Publication date: Fri, 22 Dec 2023 06:13:05 +0000