The year 2022 was marked by unprecedented levels of cyberattacks, driven by geopolitical tensions, the hybrid work environment, and the proliferation of ransomware and hacktivism. Check Point Research (CPR), the Threat Intelligence arm of Check Point Software, a leading provider of cybersecurity solutions globally, has published its 2023 Cyber Security Report, which provides a comprehensive overview of the cyber-threat landscape and the key trends that shaped it.
The Rise of Disruption and Destruction Malware
One of the most alarming findings of the report is the increase in malware that aims to disrupt or destroy systems and data, rather than extort money or steal information. These include wipers, which erase data from infected devices, and unrestrained ransomware, which encrypts data without providing a decryption key or a ransom demand. According to the report, these types of malware accounted for 12% of all malware attacks in 2022, compared to only 4% in 2021.
The report attributes this trend to the escalation of the Russo-Ukrainian war, which triggered a surge of cyberattacks from both state-sponsored actors and hacktivist groups. The report cites several examples of such attacks:
- The BlackEnergy attack on Ukrainian power grids in January 2022, which caused widespread blackouts and was attributed to Russian hackers.
- The NotPetya attack on Ukrainian businesses and government agencies in June 2022, which used a modified version of the Petya ransomware to wipe data from infected devices and was also linked to Russia.
- The BadRabbit attack on Eastern European countries in October 2022, which used a fake Adobe Flash update to spread ransomware that encrypted data without providing a decryption key or a ransom demand.
- The Olympic Destroyer attack on the Pyeongchang Winter Olympics in February 2023, which used sophisticated malware that deleted files and disabled network services on infected devices and was attributed to North Korean hackers.
The report warns that these types of attacks pose a serious threat to critical infrastructure, business continuity, and public safety, and calls for more robust prevention and response mechanisms.
The Cloud: A Third Party Threat
Another key finding of the report is the significant increase in the number of attacks on cloud-based networks per organization, which shot up by 48% in 2022 compared with 2021. The report notes that the shift to the cloud has expanded the attack surface for cybercriminals, who can exploit misconfigurations, vulnerabilities, and weak credentials to gain access to sensitive data and services.
The report also highlights the role played by third-party tools and services in facilitating cloud attacks. These include:
- Legitimate collaboration tools, such as Slack, Discord, Telegram, and GitHub, which are used by threat actors to communicate, distribute malware, and exfiltrate data.
- Popular IT management tools, such as SolarWinds Orion, Microsoft Exchange Server, and Kaseya VSA, which are targeted by threat actors to compromise large numbers of organizations through supply chain attacks.
The report advises organizations to adopt a holistic approach to cloud security, which includes securing data at rest and in transit, enforcing strong access controls and policies, monitoring cloud activity and configurations, and applying patches and updates regularly.
How Defants Can Help You Fight Back?
The 2023 Cyber Security Report gives a detailed synopsis of the cyber-threat landscape and provides practical recommendations to security professionals on how to prevent the next attack. However, prevention is not enough. Organizations also need to be prepared for incident response, which is the process of detecting, containing, analyzing, and resolving cyberattacks.
Incident response is challenging for many reasons. It requires skilled personnel, specialized tools, effective coordination, timely communication, and accurate documentation. It also involves dealing with complex and dynamic scenarios that can change rapidly and unpredictably. Moreover, it is often hampered by manual processes, siloed teams, inconsistent workflows, and fragmented data.
This is where Defants comes in. Defants is a cybersecurity startup that offers a Security Incident Response Platform (SIRP) called Defants vSIRT. Defants vSIRT is a cloud-based solution that leverages automation and collaboration to streamline incident response and help organizations cope with the increasing number and complexity of cyberattacks.
Defants vSIRT provides several benefits for incident response teams:
- It automates repetitive tasks such as data collection, enrichment, analysis, triage, identification of compromised assets, and reporting.
- It integrates with various security tools and data-source collectors such as KAPE, DFIR ORC, Velociraptor, and EDRs (Endpoint Detection and Response), and, in the next release, with threat intelligence feeds.
- It enables collaboration among different teams and stakeholders such as analysts, managers, executives, legal, and PR through a centralized platform.
- It standardizes incident response processes and workflows based on best practices and industry frameworks such as NIST and MITRE ATT&CK.
Defants vSIRT helps organizations reduce the time, cost, and impact of cyberattacks, while improving their security posture and resilience. It is a powerful ally in the fight against cyber threats.
The 2023 Cyber Security Report by Check Point Research reveals a year of cyber chaos, marked by an increase in cyberattacks and the rise of disruption and destruction malware. The report also highlights the challenges posed by the cloud environment and the misuse of legitimate tools by threat actors. The report offers valuable insights and recommendations for security professionals on how to prevent the next attack.
However, prevention is not enough. Organizations also need to be prepared for incident response, which is the process of detecting, containing, analyzing, and resolving cyberattacks. Incident response is challenging for many reasons, but it can be streamlined and improved with the help of Defants vSIRT, a Security Incident Response Platform that leverages automation and collaboration. Defants vSIRT helps organizations reduce the time, cost, and impact of cyberattacks, while improving their security posture and resilience.
If you want to learn more about the 2023 Cyber Security Report by Check Point Research, you can download it here: https://resources.checkpoint.com/report/2023-check-point-cyber-security-report