Once again, Arctic Wolf has taken the temperature of organizations across the globe to determine how the cybersecurity landscape of 2022 is shaping their 2023 concerns and actions. While the survey covered a number of topics, one stood out: ransomware. 48% of organizations ranked ransomware as their number one concern for the coming year. While that’s down from 70% in 2022, it doesn’t mean that ransomware is going away.

The financial services industry is under constant threat from cybercriminals, thanks to the large amounts of money and data they move and store. In fact, financial services businesses suffer 300 times more cyber-attacks than companies in other sectors, and the cost of downtime is among the highest in any industry. 57% of IT professionals say their organizations can’t tolerate the loss of mission-critical applications for a full hour, with 15% reporting they can’t tolerate ANY downtime.

As organizations implement additional security controls and detections, threat actors adjust to bypass them. Since our initial investigation into a Lorenz ransomware intrusion that exploited a Mitel MiVoice VoIP appliance, we have observed a shift in the group’s Tactics, Techniques, and Procedures (TTPs).

On Thursday, February 16, 2023, Fortinet patched two critical unauthenticated remote code execution vulnerabilities, one impacting FortiNAC (CVE-2022-39952) and one impacting FortiWeb (CVE-2021-42756). Both vulnerabilities were discovered by Fortinet’s Product Security team.

Last year cyber threats were at the forefront of many business leaders. Not only did the Australian Cyber Security Centre (ACSC), receive over 76,000 cybercrime reports, an increase of 13 percent from the previous financial year, major cybersecurity incidents at Optus, Medibank, and others made cybersecurity a top of mind issue for many in Australia and New Zealand.

Cybercrime is on the rise. This trillion-dollar industry is only gaining momentum with ransomware and business email compromise attacks, and recent trends show that the odds of becoming a breach victim are about 50%. Not to mention that the skills shortage gap continues to plague organizations, with many stating they would need five or more employees to fill it.

Since 2017, an upwards trend of vulnerabilities has been observed, reported to, and analyzed by the National Institute of Standards and Technology (NIST). According to the National Vulnerability Database (NVD), there were more than 25,200 vulnerabilities published in 2022, making it another record-breaking year, with an increase of 25% compared to 2021. That’s a five-time increase over the past decade.

The 2023 Arctic Wolf State of Cybersecurity Trends Report takes the temperature of organizations around the globe to understand not only their current and future concerns, but how they are responding today to the problems that plagued them in previous years. Our research shows that despite the enduring nature of many of these challenges, organizations are making measurable strides in areas where progress has proven limited in previous years.

When Arctic Wolf surveyed over 900 decision makers across the globe, an area of cybersecurity that kept reappearing in responses was cloud security. Last year, cloud adoption rate was at 99% but only 19% of those organizations were implementing cloud security posture management (CSPM) solutions. As cloud-originated breaches increase, it’s no surprise then that cloud concerns are also rising.

On February 14, 2023, Microsoft published its February 2023 Security Update and patched multiple high to critical vulnerabilities, with some of them being actively exploited in the wild. These vulnerabilities impact Windows systems and Exchange servers.

In December 2022, the FCC opened a call for comment requesting stakeholders provide input on whether E-Rate program funds can be used to support advanced or next-generation firewalls and services, as well as other network security services. For those unfamiliar with the program, E-Rate is a Federal Communications Commission (FCC) program that provides funding to schools and libraries for telecommunications and internet services.

A great deal of focus in the cybersecurity industry is placed on the dangers threat actors pose to small and medium-sized businesses. For good reason, too. These organizations often lack the budget and staffing required to provide 24×7 monitoring, detection, and response, leaving them exposed to attack. These same factors can find them incapable of mounting a robust incident response plan post-breach.

The names of over 1.5 million individuals were published on the dark web in January after ahacker gained access to the TSA’s “No Fly List.” That’s a lot of names (including aliases and birth dates), so why wasn’t the list secure, and how did it get leaked? The entire breach came down to one small business with one misconfigured server.

Arctic Wolf has observed a significant increase in the number of malicious files delivered and opened via OneNote email attachments. Unlike malicious Word and Excel files, infected OneNote files do not require the security prompt asking the end-user to allow macros, thus increasing the chances of unknowingly running the malicious executable.

Vulnerabilities cause the majority of cybercrime. There are always new vulnerabilities appearing as software gets updated and as cyber criminals work behind the scenes to find new backdoors to organizations’ systems. In the first half of 2022 alone, 81% of incidents happened through an external exposure — either a known vulnerability or a remote desktop protocol. The sheer volume of vulnerabilities grew again in 2022, with over 25,000 recorded, and over 800 have been actively exploited.

On February 3, 2023, the developers of GoAnywhere MFT (Managed File Transfer) sent an advisory to their customers warning them of a zero-day remote code execution vulnerability being actively exploited in the wild. Exploitation of this vulnerability could allow sensitive data to be leaked and potentially used for extortion.

The new year is upon us, but from a cybersecurity perspective, things look much the same as they did last year. January brought fresh attacks on a pair of familiar targets, high-stakes escalations in the ransomware game, and questionable crisis management from a high-profile victim. In other words, business as usual for cybercriminals! Let’s look at a few noteworthy cybercrimes from January 2023.

Early Friday morning, February 3, 2023, Arctic Wolf Labs began monitoring a new ransomware campaign targeting public-facing ESXi servers. The campaign has grown exponentially over the weekend, with approximately 3,000 victims worldwide as of early-Monday morning. Based on reporting from OVH, the threat actors behind this campaign are likely leveraging a nearly two year old heap overflow vulnerability (CVE-2021-21974) in VMware ESXi’s OpenSLP service.

Say what you want about bots, but you have to admire their versatility. Bots do everything from rank Google results and serve up cat photos on your Facebook feed, to sway elections and defraud retailers. Basically, they’re quite flexible. These days, bad bots are big business, with cybercriminals around the world using them to fraudulently access accounts, attack networks, and steal data.

On January 30, 2023, QNAP Systems Inc. disclosed a new critical vulnerability that could allow remote attackers to inject malicious code on QNAP NAS devices that were exposed to the internet. QNAP has stated that the vulnerability is a SQL Injection flaw being tracked as CVE-2022-27596 and can be abused in low-complexity attacks by unauthenticated malicious remote threat actors without requiring user interaction.

Having a security operations center (SOC) to protect and secure your data is no longer optional. As cyber criminals grow more sophisticated and modern complexities (remote work, the cloud, international operations) increase cybersecurity risks, a SOC becomes a critical line of defense. It works proactively and reactively and can help an organization advance their security posture while dealing with immediate threats.