Cybersecurity: Trends and Moments that Defined 2022 & Predictions for 2023

While there have been major developments in areas such as data security, cloud computing, and artificial intelligence over the past year, threat actors are becoming increasingly aggressive, sophisticated, and, in some cases, coordinated and targeted. Organizations must remain vigilant as the cybersecurity landscape evolves in order to implement effective strategies to keep their networks safe from potential threats. In 2022, we observed a number of significant trends and moments that shaped the state of play for organizations around the world. In this article, we will look at the key cybersecurity trends and moments that defined 2022, as well as predictions for 2023.

The Trends that Defined the Cyber Threat Landscape in 2022 

#1 Nation-state threats continued to rise alongside geopolitical turmoil.

Major geopolitical events in 2022 have contributed to a dramatic shift in cybersecurity threat actors and the way data privacy is handled. In particular, malicious activity around the world has highlighted the need for increased security measures to protect against nation-state threat actors, prompting governments around the world to implement new cybersecurity regulations. Below are the most noteworthy nation-state threat actors of 2022:

  • Russia has increased its activity but has become more opportunistic and less coordinated in its cyberattacks on Ukraine. The Russian Federation stood out as a major threat actor in cybersecurity due to the cyber-attacks they conducted. A significant portion of Russian-based threat activity was directed at Ukraine-based entities and their allies. Multiple government entities in Costa Rica were breached, and ransomware campaigns and data breaches targeted companies and healthcare organizations worldwide. US companies reported a 16% increase in cyber-attacks attributed to Russia since the invasion of Ukraine. [1] However, when it comes to attacking Ukrainian infrastructure, opportunistic events by Russian hackers became more common, unlike the beginning of the war, when assaults were far more sophisticated and coordinated. [2] Even so, at least since May 2022, pro-Russian groups such as Killnet and Sandworm have conducted targeted attacks in support of Russia's interests, ranging from Lithuanian to U.S. state government websites.

  • China conducted cyberattacks and built up an arsenal of zero-day vulnerabilities. The People’s Republic of China was also a major threat actor in 2022, as evidenced by the Billbug (a.k.a. Thrip, Lotus Blossom, Spring Dragon) campaign targeting certificate authorities, government agencies and defense organizations in multiple countries. [*][3] Furthermore, China's ability to identify and stockpile zero-day vulnerabilities before other nations has been bolstered by a law implemented in 2021 that requires all Chinese entities to report discovered vulnerabilities to the government before any other disclosures are made. The success of this law is evidenced by the fact that 2022 saw reduced levels of public disclosure of cybersecurity vulnerabilities coming from China compared to previous years, while at the same time there was an increase in anonymous reports. All this points towards an arsenal of unreported software vulnerabilities at the disposal of the Chinese government. [4]

  • Iran was particularly aggressive with a number of destructive attacks. Iran was a relevant cyber threat in 2022 given its aggressive behavior following a transition of presidential power. Iran demonstrated its capabilities to launch destructive attacks by setting off emergency rocket sirens in Israel. [5] Furthermore, Iranian actors have been engaging in ransomware attacks against nation-state targets with no intent to ever provide the key, suggesting an intention to cause destruction rather than gain financially from the attack. This activity was evidenced when the Albanian government severed diplomatic ties with Iran following a July 15 ransomware attack that temporarily shut down numerous Albanian government digital services and websites. [6] The sophistication and aggression of these activities indicate why Iran was considered a significant cybersecurity threat in 2022.

  • North Korea continues to target critical industries with ransomware. The Democratic People’s Republic of Korea engaged in cyber activity using its most notorious threat group, Lazarus. Spear phishing campaigns used fake job offers from companies such as Amazon and Coinbase in an attempt to compromise sensitive data. State-sponsored actors employed various types of malware and ransomware to target critical industries like healthcare, energy, aerospace, and defense. For instance, two U.S.-based healthcare providers had to pay ransoms in order to decrypt their systems. Overall, these incidents serve as a reminder for organizations to take proactive steps in protecting their data from cyber threats posed by North Korean actors. [7][8]

#2 Supply chain risks became deadlier with targeted critical infrastructure attacks.

Major supply chain disruptions have been caused by cyberattacks: NotPetya infiltrated Maersk's systems after a single computer was infected with malware in 2017, while hackers breached Colonial Pipeline in 2021 using compromised credentials. SolarWinds also suffered a major cyberattack in 2020, attributed to the compromise of third-party credentials and/or access. More recently, in 2022, Okta was struck by LAPSUS$, [9] an attacker infiltrated GitHub using stolen OAuth app tokens, [10] and Comm100’s infrastructure was hijacked and a backdoor hidden in the chat installer. [11]

Such events served as reminders of the importance of vigilance against various threat actors and of maintaining protocols to protect supply chains, and they made companies aware of the risks associated with software supply chain attacks in 2022. A survey by ReversingLabs showed that supply chain cybersecurity is high on security professionals' priority list, with 98% of people surveyed agreeing that the use of open source code and third-party software, coupled with potential threats from software tampering, is substantially raising their security risks. Furthermore, 87% are aware that this type of tampering can lead to serious security issues inside their business. [12]

ICT infrastructure suppliers are also increasingly being targeted by cybersecurity threat actors, as they provide a platform for the replication of malicious attacks, with pro-Russia hacker group Killnet even targeting the Eurovision Song Contest this year, albeit unsuccessfully. [13] As a consequence, global legislation and regulation pertaining to data privacy and supply chain security have become more stringent, often with varying requirements between jurisdictions, and customer demand for resilient security solutions is also growing rapidly. [14]

Some have opted to take steps to address these risks, with 53% of organizations planning to increase their cybersecurity spending for 2023. [15] According to research conducted by the Verizon DBIR, attacks on supply chains increased dramatically during 2022. Furthermore, these threats are made more complex due to the interconnected nature of global environments. As a result, 90% of supply chain leaders have indicated plans to pursue regionalization in order to mitigate these potential third-party risks. [16]

Notwithstanding initiatives to secure systems, supply chain attacks show no sign of declining considering the trend of recent years. Thus, professionals believe supply chain cyberattacks will continue to grow in number and sophistication. [17]

#3 The shift from “prevention” to “detection and response” continues.

The continued trend from 2021 of shifting cybersecurity focus from prevention to detection and response remained in full swing throughout 2022. Organizations were increasingly recognizing the need for proactive and effective threat hunting, incident response, data privacy protection, and more advanced security analytics capabilities. The emergence of new threat actors–especially those using artificial intelligence (AI) assisted tactics–kept organizations on their toes as malicious actors took advantage of vulnerabilities previously overlooked or left unprotected. In this shift, which will continue into 2023, the proliferation of the following developments is noteworthy:

  • Managed Detection and Response (MDR) Systems: In 2022, managed detection and response (MDR) experienced rapid growth and adoption across the cybersecurity market. This is largely attributed to an increase in both complexity of cybersecurity threats and the number of threat actors targeting organizations. The ability of MDR solutions to quickly detect and respond to such threats has become increasingly attractive as organizations strive to reduce their time-to-detect and thus mitigate the impact of these events. The use of MDR also saw a shift from being limited to larger organizations with extensive resources, towards all sizes of organizations relying on it, due to its affordability, scalability, and flexibility. As more data privacy regulations are enacted, there is also an increased focus on data protection and compliance, including the need to detect and respond quickly to any potential security incidents. This accelerated the demand for MDR solutions in 2022. [18]
  • Next Generation Antivirus (NGAV): In 2022, Next Generation Antiviruses (NGAVs) began to take center stage in cybersecurity due to the increasing sophistication of threat actors and the emergence of fileless attacks. As such, organizations realized that Legacy Antiviruses were no longer adequate in preventing cyberattacks, as attackers had found ways to bypass these defenses. To combat this, NGAV became a necessity as it provides proactive rather than reactive protection against both known and unknown threats. NGAV is cloud-based, meaning that deployment can take place within hours rather than months, with no additional hardware or software required. The burden of maintaining software, managing infrastructure, and updating signature databases is also eliminated. Additionally, customers are now able to install up to 70,000 agents in a single day. [19]
  • Threat Intelligence: Threat intelligence is the use of data, analytics, and insights to identify, assess and respond to cyber threats. It is a proactive approach to cybersecurity that enables organizations to stay ahead of the rapidly evolving threat landscape. In 2022, the global market for Threat Intelligence was estimated to be US$7.3 Billion and is projected to reach a revised size of US$20.6 Billion by 2027, growing at a CAGR of 16% over the period 2020-2027. [20] This rapid increase can be attributed to changes in data privacy laws and regulations, an increased focus on data security by organizations worldwide and the rise of new sophisticated threat actors operating on a global scale. Law enforcement agencies are also now leveraging real-time threat intelligence to proactively combat human trafficking. [21]

Looking to the horizon: The trends that will define 2023 

#1 The transition to hybrid or fully-cloud environments will accelerate.

The move to hybrid or fully-cloud-based infrastructures is a steady trend that organizations should be mindful of when investing in data protection. Mid-sized companies, in particular, have been embracing security partners that offer a range of services as opposed to relying on spot solutions and niche providers. As infrastructure moves into the cloud, the on-premises footprint diminishes, potentially leading to reduced security exposure; however, it also increases exposure to cloud technologies and practices, which require specialized skill sets and strategies for effective implementation. Organizations must remain cognizant of these changes, keep track of cybersecurity trends and threat actors, and ensure robust data privacy measures are in place as they continue their transition to hybrid or fully-cloud environments. It is essential to stay abreast of the latest cybersecurity trends and threats in order to protect confidential data and sensitive information.

Organizations must prioritize data privacy as they navigate their transition to cloud-based infrastructure, as it is pivotal for continued compliance, trustworthiness, and customer satisfaction. By taking a proactive approach to cybersecurity, organizations can ensure the continued transition to hybrid or fully-cloud environments is successful and secure.

#2 The economics of developing an in-house cybersecurity function will continue to tilt.

The economics of developing an in-house cybersecurity function have been a major concern for many businesses over the past few years. In 2022, this was no different, with the cost of cyber defense still largely outweighing the cost of attack.

As data privacy regulations become more robust and cyberattacks are increasingly sophisticated, it is likely that in-house cybersecurity functions will continue to be expensive for many companies. To minimize costs, some organizations may consider outsourcing part or all of their cybersecurity operations to third-party vendors. At the same time, there is a risk that these vendors may not be as secure or reliable as an in-house team.

Organizations looking to build their own cybersecurity defense must also weigh the value of investing in newer technologies like artificial intelligence (AI) and machine learning (ML). By capitalizing on automation and advanced analytics, teams can quickly identify malicious actors and protect against attacks more efficiently than ever before. However, implementing new tools can be expensive, especially for smaller businesses with limited resources.

As trends such as AI, ML and data privacy regulation continue to shape the cybersecurity landscape in 2023, budget-conscious companies must be mindful of the trade-offs they are making when deciding to invest in cybersecurity. The right balance between cost and security is essential for organizations looking to ensure a secure future.

#3 Artificial intelligence-driven automation tools will become more effective but will require greater expertise to leverage them.

As the sophistication of cyber threats continues to grow, so too has the demand for more advanced cybersecurity solutions. Artificial Intelligence (AI) and automation tools have become a critical part of the cybersecurity landscape in 2022. AI-driven automation tools are becoming increasingly effective at mitigating security threats and can identify potential threats before they become an issue. However, these automated solutions require greater expertise to use than ever before.

While organizations are well advised to adapt and stay ahead of their adversaries by embracing AI-driven tools, they must also be cognizant of the resulting need for more experienced and specifically trained professionals: organizations need access to a talent pipeline of experienced analysts who understand how and when to use these tools effectively. For example, new technologies such as machine learning can automate the process of identifying malicious actors, but analysts must still be able to accurately interpret the data and understand when an attack is imminent. Automated tools powered by advanced AI are more powerful than ever, but still require continuous management and maintenance in order to remain effective. As the market comes to terms with this reality, it is also probable that opportunities for flexible managed service providers will emerge.

Consequently, in 2023 there will be an increased demand for cybersecurity professionals with experience using AI-driven automation tools as organizations look to stay ahead of their adversaries. It is likely that this trend will continue throughout the next year and beyond.

#4 Regulation and regulatory scrutiny will continue to intensify.

Regulation and regulatory scrutiny have become increasingly important in the cybersecurity industry due to the prevalence of cyber threats. This has led to an expansion of legislation designed to protect companies and individuals from cyber-attacks, safeguarding their data and privacy. Regulatory oversight in the industry will continue to intensify as organizations become increasingly aware of the need for secure practices when handling highly sensitive information. Companies must now implement stringent security measures, such as encryption methods and layered access control, or face significant financial and reputational penalties if a breach occurs. Going forward, organizations must strive to stay up to date on current regulations, invest in technologies that can help meet compliance requirements, and take a proactive approach to cybersecurity while doing their utmost to protect their customers' information from malicious actors.

© Copyright 2023. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.

This article was edited by Ander Ugalde, an Associate in Ankura's New York office, and Hunter Voegele, a Director in Ankura's Washington, DC Office.

Footnotes:

[*] Despite Billbug’s activity only having been noticed in early March 2022, the state-sponsored group is thought to have been operating for over a decade.

References:

[1] Cybersecurity: A Year in Review; Nasdaq, 2022.

[2] Ukraine: Russian cyber attacks aimless and opportunistic; TechTarget, 2022.

[3] Chinese hackers target government agencies and defense orgs; Bleeping Computer, 2022.

[4] China is likely stockpiling and deploying vulnerabilities, says Microsoft; The Register, 2022.

[5] False Air Raid Sirens in Israel Possibly Triggered by Iranian Cyberattack; Security Week, 2022.

[6] Albania severs diplomatic ties with Iran over cyber-attack; BBC, 2022.

[7] APT trends report Q3 2022; SecureList, 2022.

[8] Alert (AA22-187A): North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector; Cybersecurity & Infrastructure Security Agency, 2022.

[9] Updated Okta Statement on LAPSUS$; okta, 2022.

[10] Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators; GitHub Blog, 2022.

[11] Comm100 Installer Abused in Supply Chain Attack to Distribute Malware; SOC Radar, 2022.

[12] Survey finds software supply chain security top of mind for dev teams — but tampering detection lags; ReversingLabs, 2022.

[13] Eurovision 2022: Russian vote hacking attempt foiled, police say; BBC, 2022.

[14] As CIOs tighten tech spend, demand for cybersecurity services grows; CIO Dive, 2022.

[15] Cybersecurity spending and economic headwinds in 2023; CSO, 2023.

[16] Why Cybersecurity Has Never Been More Important for the Supply Chain Sector; SupplyChainBrain, 2022.

[17] Attacks on Software Supply Chains To Increase in Severity in 2023: Report; Spiceworks, 2022.

[18] WHAT IS MANAGED DETECTION AND RESPONSE (MDR)?; CrowdStrike, 2022.

[19] WHAT IS NEXT-GENERATION ANTIVIRUS (NGAV)?; CrowdStrike, 2021.

[20] Global Threat Intelligence Market to Reach $20.6 Billion by 2027; GlobeNewswire, 2022.

[21] Combating Human Trafficking With Threat Intelligence — Prosecution; Recorded Future, 2022.
