
2022 Cyber Review – Is Your Organisation Ready For 2023

By Niranjan.Jayanand. January 24, 2023. Updated: August 24, 2024.

Looking back at 2022 is instructive as you prepare your cybersecurity approach for 2023. It helps guide that approach and prepares employees and systems for the year ahead. For example, some state-backed attacks focus on stealing intellectual property from technology companies. Other state-backed attacks are focused on stealing funds. Knowing this, technology companies need to better protect their IP, while non-tech companies need to implement stronger security policies around financial transfers.

Cyberattacks hit the headlines throughout the year. In January, an attack on Red Cross Australia led to data exposure of 515,000 vulnerable people. Every month, large and small companies experienced attacks, including Optus, Medibank, and Toyota, exposing data and shutting down factory production. As part of these attacks, we saw a tremendous increase in identity-based attacks, which emerged as a leading threat vector behind major data breaches.

Chinese hackers also made headlines in 2022, but that is only a small piece of the cyber-aggression in the region. State-backed advanced persistent threat (APT) groups targeted government entities, nonprofits, religious organisations, and non-governmental organisations across Asia Pacific.

Business email compromise (BEC) attacks proved themselves to be more profitable than ransomware, costing organisations over US$2.4 billion in 2021 and more than US$43 billion since 2013.

We’ve also seen a rise in collaboration between initial access brokers and the use of traditional malware. This collaboration grants access to a network for reconnaissance, followed by the use of specialised tools to disable EDR protections. This makes it particularly challenging for organisations to stay safe from highly organised attacks.

Top Cyber Threats for 2023

We believe identity-based attacks leading to data breaches will continue to be the leading attack vector in Australia. For threat actors, targeting identity and access management gaps through compromised credentials is the fastest path to the target’s resources and critical data. Attackers recognise that Active Directory is the crown jewel of a business, granting them the ability to exfiltrate sensitive data, install backdoors into the system, and alter security policies.

The shift to hybrid work and cloud storage has made identity the new perimeter. Businesses need effective Identity Threat Detection and Response (ITDR) to detect and respond to breaches and to protect against threats at every stage.

Despite Russia’s war in Ukraine, or perhaps because of it, we did not see any slowdown in Russian-based ransomware attacks. There’s no reason to believe these types of attacks will slow down in 2023.

Financially motivated groups will continue to conduct opportunistic attacks built on social engineering techniques to gain credentials and access. They also prefer attacks built into the supply chain, such as Microsoft Exchange servers. These types of attacks enable threat actors to compromise thousands of organisations around the globe.

Geopolitics will continue to play a large role in cyberattacks. As the war in Ukraine continues, Russia is expected to continue trying to attack critical infrastructure systems in Asia Pacific, Europe, and the United States.

Meanwhile, Chinese threat actors are also expected to continue with attacks as tensions in the South China Sea persist. Based on previous attacks, these might be conducted through supply chain operations and BEC attempts.

Protecting Australian Companies from Attack

Companies in the region need to understand that they are targets of opportunistic or targeted attacks. Opportunistic attacks take place when a threat actor gets hold of credentials and launches an attack, usually trying to steal money. These types of attacks involve malware files and can be implemented by anyone who gains access to a system.

Targeted attacks are directed at a specific company with a specific goal in mind. The goal may be sabotage, stealing IP, or shutting down an aggressive government agency. These attacks generally take much longer to plan and implement than opportunistic attacks.

The attack vectors for both types of attacks include phishing, BEC, malvertising, and spoofed websites. For many of these scenarios, internal training and adherence to best practices reduce the attack surface. Your IT team should be diligent about upgrading, patching, and maintaining software and systems.

It’s also essential to deploy automated endpoint detection and response (EDR) and extended detection and response (XDR) security systems to identify, contain, and destroy malicious software. Every company in the region should also improve its security posture by implementing identity security policies. Additionally, companies should minimise their attack surface and monitor threat intelligence so they know what to expect. Following these guidelines should help keep your company safe in 2023.

Niranjan.Jayanand

WatchTower Threat Hunting Manager at Asia Pacific

    The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
