Ransomware, attacks on critical infrastructures and “cyber wars” – last year the cyber world was definitely not standing still, so it’s no surprise that in future, this won’t be changing anytime soon. What cyber issues stood out in particular in 2022, and which ones should we be expecting in 2023? In our review and outlook, we provide a brief insight.
2022: a worrying cyber threat landscape
In many people’s memories, 2022 will be thought of as a year of political and economic turmoil. Nevertheless, digitisation and connectivity have continued to move forward, which has also had an impact on cybercrime and, with it, on security. While some companies were struggling with the consequences of these uncertain times and others were still lagging behind on digital requirements, in 2022 cyber criminals successfully pressed ahead with their business. Just how successful they were is shown, for example, by the map of the “World’s Biggest Data Breaches & Hacks”, which is both impressive and frightening at the same time. The National Cyber Security Centre (NCSC) also recently confirmed that the total number of cyber incidents reported in Switzerland increased again in 2022.
What follows are some of the events that have particularly stuck in our minds.
Covid-19: virus and malware accelerators
To get a better understanding of today’s threat landscape, let’s go back a few years to the unforgettable year 2020, when the world as we knew it was turned upside down by the Covid-19 pandemic. Incorrectly configured networks, the rapid shift to remote working environments and increased demands on IT security all created a massive risk landscape. Consequently, over three times more malware attacks were recorded in 2020 than in the previous year. In 2021, the number of attacks increased again by about 125 %. What about 2022? Concrete figures for the whole year are still scarce at the moment. The NCSC, however, surprisingly reported that the number of ransomware attacks reported to it has remained almost constant compared to the previous year, although that number is of course still worryingly high. Nevertheless, it is important to bear in mind that this only concerns attacks reported in Switzerland. The number of unreported cases is likely to be higher, as usual, and developments abroad are probably different. Incidentally, the NCSC warns of the malware “LockBit” (see below) and of increasing double extortion.
The most threatening, persistent types of malware
On the basis of various studies and analyses of large companies, the following three malware families caused the greatest fear and devastation in 2022:
- Emotet: Emotet was first identified in 2014, then briefly went off the radar, only to rampage back last year, making a name for itself as the world’s most successful botnet. It operates as malware disguised in spam emails that are sent to billions of recipients every day.
- LockBit: This malicious code first appeared in 2019 as part of the “ransomware as a service” (RaaS) model. Alongside data theft and extortion, LockBit uses DDoS attacks to shut down entire systems.
- Conti: Similarly, this is RaaS malware which, due to a politically motivated leak, disappeared for a short time in early 2022. However, the shutdown did not last long, with Conti reappearing and causing major damage again under different names such as BlackCat and BlackByte.
Cyber War – the digital phishing war
Russia’s invasion of Ukraine has deeply impacted the cyber threat landscape. Since the start of the war, there have been around eight times more phishing attacks originating from Russia, primarily targeting European and US companies. However, cyber attacks have not only increased outside Russia, but also within the country itself – it is a real cyber war in which everyone is being hit hard. Even aside from geopolitical events, phishing has once again been one of the most common forms of attack (approx. 57 % of all attacks launched on SMEs). It’s no wonder, with an estimated 15 billion spam emails per day, of which Google “only” blocks 100 million per day. In Switzerland, too, the numbers “exploded” in 2022 according to the NCSC, with emails purporting to come from law enforcement agencies and spoofed calls (i.e., faked telephone numbers) from abroad being particularly noticeable.
Studies show that phishing emails are the entry point for over 90 % of all cyber attacks, and they come in a wide variety of forms. As well as “standard” phishing, spear phishing and whaling – more targeted, often meticulously prepared attacks – are on the increase, and new methods are also being developed, such as voice phishing coupled with deepfake technology. Artificial intelligence enables genuine voices, like those of bosses, to be imitated and exploited, and who knows: in a few years, you might even be holding a virtual meeting with someone you think is your boss who is actually a cybercriminal.
In addition to the widespread, well-known email phishing method, an increase in social media phishing, especially on LinkedIn, could also be seen. For instance, new members are singled out for contact by senders posing as reputable people in management roles in order to gain their interest and trust, while others pretend to be recruiters or headhunters and try to obtain data that way.
Speaking of phishing: Bet you don’t know all the tricks of the cyber criminals? In our free phishing poster, you will find helpful tips and tricks to easily unmask phishing emails.
The domino effect: cyber-attacks on supply chains
Events over the last few years have shown how important it is to have well-functioning supply chains. In fact, they are vital. However, as technology advances, they are also becoming more interconnected and complex, which is why cyber attacks on supply chains can affect a broad ecosystem that includes partners, customers, employees, investors, etc. Awareness of what are known as third-party risks is also increasing due to vulnerabilities in heavily used systems. For instance, in June 2022, a serious vulnerability was discovered in Atlassian Confluence, one of the world’s most widely used systems. Maybe you remember the attack on the identity provider Okta last year? These are just two examples of attacks affecting numerous parties in the supply chain. Such events can neither be anticipated nor completely prevented – certainly not by you alone – but it is important to keep an eye on the whole cyber threat landscape, including the supply chain, and to build your own protective walls as high as possible.
What cyber-threats are awaiting us in 2023?
Even though the cyber threat landscape is undergoing constant change, some topics that will already sound familiar to you are here to stay. You are bound to come across the following three topics more often in 2023:
Cybercrime as a service
Ransomware as a service was certainly a buzzword heard more frequently in 2022. Of course, it is not just ransomware that is offered in this way, but any kind of malicious code, and the model is generally referred to as cybercrime-as-a-service. The principle here is that malware is sold or rented on the darknet in a similar way to legitimate software, and technical support is often included. This means that cyber criminals can create a new, easily scalable business sector for themselves, and at the same time the barriers to entry for “cybercrime beginners” are massively reduced, with the number and the professionalism of attacks alarmingly on the rise.
Smart but often unsafe: IoT
The Internet of Things (IoT) already plays a big part in the supply chain attacks mentioned above, but that is not the only issue. Our world is becoming more and more connected, whether in industry, smart city projects, healthcare or the car industry, where there has already been a need for extensive recalls due to security concerns. It is estimated that by 2025 there will be some 75.4 billion connected devices worldwide, so it is not surprising that cybercriminals are looking to exploit this fact. Especially with devices that appear less critical, such as smart home devices, security is frequently sacrificed in order to keep development and production times as short as possible and get products to market as quickly as possible.
What is clear is that IoT makes its own demands on IT and cyber security. It remains to be seen whether IoT security will be taken more seriously in 2023, or whether the number and scale of attacks will continue to grow. What can you do yourself? Get an overview of your networked devices (IoT/OT), check their security, patch them regularly, segment your networks consistently and monitor them constantly for any abnormal activity.
Definitely overcast: The cloud is in cybercriminals’ sights
Migration to the cloud has been a topic since well before the move to remote/hybrid working, but it is definitely on the increase and the trend is continuing to rise. This of course goes hand in hand with increasing demands on cyber/cloud security, because having access to files, resources and applications from anywhere brings with it an enormous potential for risk. There are also data protection issues here, for example when a large amount of customer data is hosted in the cloud. It is worth noting that major providers like Microsoft Azure and Google Cloud often have strong security measures in place, but the errors frequently occur on the customer side, in the configuration of the environment. These cloud environment risks urgently need to be reduced in 2023, for example with targeted external audits of the Microsoft Azure configuration ("One-Time Hunting Light").
Not a cyber trend: prevention before reaction
Cyber criminals’ methods are constantly evolving. The threat situation to date, and the one ahead of us, makes it clear that companies need to be proactive and put comprehensive cyber security – from governance and secure network architecture to attack detection and defence – at the top of the agenda. But where should priorities be set? We recommend that you have your IT landscape checked regularly via external audits, for example based on cyber attack simulations or breach detection audits. This will provide you with an accurate overview of your security status, enabling you to take targeted action.
Like many other companies, anyone lacking the resources or expertise to manage diverse, complex threats in-house would be well advised to use an external provider of managed security services. This involves experts monitoring the customer’s infrastructure round the clock from a dedicated security operations centre and, in the event of any danger, intervening at an early stage.
Sounds interesting? More information on these and other services is available in our cyber security portfolio.