Inside Jobs, Cloud Abuse and Ransomware Attacks Are 2023’s Top Cybersecurity Threats

December 21, 2022

Persistent insider threats, cloud infrastructure misuse and abuse, and the sophistication of cyberattacks are fostering a riskier cyber environment for organizations worldwide.

At Securonix, a company specializing in security intelligence solutions, new vulnerabilities are being identified at nearly double the pace of last year, while the number of threats observed over the last 12 months has soared 482% compared to the same period a year prior, the company said in a new report.

The 2022 Threat Report, released on November 16, 2022, shares key trends the cybersecurity company observed over the past year, highlighting the significant uptick in the number of threats seen globally, the emergence of new cloud security risks, and the rise of ransomware attacks.

Over the past year, Securonix says it has observed 867 threats and 35,776 indicators of compromise (IOCs), figures that represent a 482% and 380% year-over-year (YoY) increase, respectively. A total of 582 threats have been detected, analyzed and reported during the period, up 218% from 2021.

Insider threats

Among the top trends recorded, Securonix says insider threat, a security risk that originates from within the targeted organization, continues to be rampant this year.

Data reveal that insiders are now leveraging cloud applications to steal corporate data by using personal email and sharing platforms. Email (68%) and content management products (68%) were in fact found to be the top exit channels for insiders to exfiltrate data, the research found, a shift from traditional methods such as USB.

Leveraging cloud apps and business collaboration services rather than traditional channels has broadened the attack surface and created more opportunities for corporate data theft, the report says.

[Figure: Insider threats. Source: Securonix]

Echoing the Securonix report, new research by Kroll, a provider of risk and financial advisory solutions, found that insider threat peaked at its highest quarterly level to date in Q3 2022, accounting for nearly 35% of all unauthorized access threat incidents the company observed during that period.

The risk of insider threat runs higher during an employee termination process where a disgruntled employee may seek to steal data or company secrets to publicly undermine an organization, the report says. Other employees, meanwhile, may seek to move over critical data that they can leverage at their new organizations.

Cloud infrastructure misuse and abuse

As organizations continue to migrate to the cloud, invest in collaboration tools and work on establishing a balance between the ease of the cloud and the necessary security controls, cloud infrastructure misuse and abuse will remain high-risk areas, the Securonix report says.

The research found that threat actors and nation state-sponsored attackers are now taking advantage of a larger attack surface enabled by the cloud, leveraging public infrastructure services to evade defenses and known whitelists, and to set up attack networks on major cloud platforms with relative ease.

This year, geopolitical tensions have heavily influenced cyber operations. Several attacks have been observed against Ukrainian entities by state-backed groups. Threat actors have also targeted 128 governmental organizations in 42 countries that support Ukraine, according to the European Union Agency for Cybersecurity (ENISA).

Findings from the Securonix research are consistent with those of cybersecurity firm Check Point. In its 2022 Cloud Security Report, a global report based on a survey of 775 cybersecurity professionals, Check Point revealed that 27% of the organizations it polled indicated having experienced a security incident in their public cloud infrastructure within the last 12 months, up ten points from the previous year.

Malicious actors are targeting cloud services for different reasons. They may want to exploit vulnerabilities in this infrastructure to exfiltrate data from the victim organization’s network for profit or other illicit purposes. They may also seek to abuse cloud services like Microsoft Azure and Amazon Web Services to distribute malware.

Ransomware attacks

Another top trend observed by Securonix over the past year is the increase in ransomware attacks.

According to the report, cybercriminals are looking to capitalize on the larger attack surface enabled by cloud computing and the higher value assets available in hybrid work environments, and are now shifting toward attacking key entry points on networks that rely on cloud services.

The Securonix research found that compromised user credentials and phishing attacks are now the primary vectors enabling cybercriminals to execute ransomware attacks, findings that corroborate trends observed by other companies.

Email security vendor Proofpoint released its annual report on phishing and ransomware earlier this year, sharing results of a survey of 600 security professionals and 3,500 workers across Asia-Pacific, Europe and the UK. According to the study, a staggering 83% of the organizations polled indicated experiencing a successful email-based phishing attack in 2021, up 26 points from 2020.

68% of respondents said they were infected by ransomware last year, up two points from 2020. Of those infected with ransomware, 58% agreed to pay a ransom, a 24 point increase from 2020.

