Network Infrastructure Emerges as Prime Target in 2023 Cyber Threat Landscape
In an era where cybersecurity incidents are steadily climbing, the Cisco Talos Intelligence Group’s ‘Year in Review 2023′ report serves as a reflective mirror, showcasing the evolving threats across the digital spectrum. Based in Dubai, United Arab Emirates, Cisco Talos – one of the leading commercial threat intelligence teams globally – has meticulously compiled data and insights that underscore the cyber challenges faced over the past year.
The report unravels a concerning trend, where major geopolitical events and global cyberattacks have significantly influenced suspicious network activities. The findings further cement the unwelcome title of LockBit as the foremost global ransomware threat for a second year in a row. The healthcare sector, vulnerable due to limited funding and low tolerance for downtime, has been particularly targeted.
Fady Younes, Senior Director for Cybersecurity at Cisco Middle East and Africa, emphasizes the importance of the collected data in combatting cyber threats. “The Talos yearly report is a trove of information on the dynamic nature of cyber threats,” he states. “The complexity of cybercrimes is ever-increasing, and thanks to Cisco’s global footprint and Talos’ unparalleled expertise, we’re equipped with extensive data from endpoint detections, network traffic analyses, and more. This invaluable resource aids not just us but our customers and partners in fortifying cybersecurity resilience across the region.”
2023’s Foremost Cybersecurity Concerns
Within the myriad of cyber threats encountered, several have stood out in 2023 for their frequency and impact:
Network Infrastructure at Risk
The past year has seen a discernable spike in sophisticated attacks targeting network infrastructure, often orchestrated by state-sponsored entities with espionage and stealth operations in mind. The exploitation of device vulnerabilities, particularly those classified as critical or severe, alongside weak credentials, remains a predominant avenue of attack.
Ransomware and Its Predecessors
Matching last year’s trend, ransomware and precursors to ransomware incidents have consistently impacted customers, accounting for 20% of Talos Incident Response (IR) incidents. The health sector has been the primary victim, underscoring its appeal to cybercriminals due to its critical nature. LockBit, leading the ransomware domain, and its affiliates have contributed to more than a quarter of the victim posts on data leak sites, spanning approximately 40 ransomware groups monitored by Talos IR.
Telemetry Trends
Cisco’s telemetry insights have highlighted a surge in suspicious network traffic correlating with major geopolitical occurrences. Cyber adversaries have increasingly leveraged social engineering tactics, employing spoofing of well-known brands and the misuse of common file extensions to orchestrate phishing and business email compromise (BEC) incidents. In a notable adaptation to Microsoft’s macro-disabling strategy in 2022, criminals are now diversifying their malware delivery methods. A significant rise in the use of PDF files as malware carriers was observed, marking them as the most frequently blocked file extension over the year.
As the digital realm continues to expand, the report from Cisco Talos Intelligence Group serves as a critical reminder of the persistent and evolving threats within the cybersecurity landscape. With network infrastructure becoming a prime target and ransomware maintaining its dominance, the findings offer essential insights for cybersecurity professionals and organizations looking to strengthen their defenses against these formidable challenges.
