Introduction
The Trend Micro 2023 Annual Cybersecurity Report, titled “Calibrating Expansion,” offers an extensive analysis of the evolving cybersecurity landscape. With detailed insights into advanced persistent threats, ransomware, cloud security, and more, this report is a critical resource for organizations seeking to enhance their cybersecurity posture. In this blog post, we summarize and review the report’s key findings, providing actionable insights for cybersecurity professionals and decision-makers.
Advanced Persistent Threat (APT) Campaigns
The report highlights several significant APT campaigns that were active throughout 2023, illustrating the sophisticated methods used by threat actors:
- APT28’s NTLMv2 Hash Relay Attacks: This campaign, active from April 2022 to August 2023, primarily targeted organizations in foreign affairs, energy, defense, and transportation sectors. The attackers employed NTLMv2 hash relay techniques and exploited CVE-2023-23397, which was patched in March 2023.
- Earth Lusca: Operating from January to June 2023, Earth Lusca targeted government departments involved in foreign affairs, technology, and telecommunications across Southeast Asia, Central Asia, and the Balkans. Their attacks focused on public-facing servers and utilized a Linux-targeted backdoor named SprySOCKS.
- Kimsuky: Known for its cyberespionage activities, Kimsuky continued its operations in April 2022 and April-May 2023, targeting individuals and organizations related to the Democratic People’s Republic of Korea. The group’s attacks aimed to gather geopolitical, diplomatic, and military information.
These campaigns underscore the persistent and evolving nature of APT threats, highlighting the need for robust security measures and continuous monitoring.
Ransomware Threats
Ransomware remains a pervasive threat, with attackers employing increasingly sophisticated tactics in 2023:
- Remote Encryption: Observed in ransomware groups like Akira, BlackCat, BlackMatter, and LockBit, this tactic involves mapping drives to encrypt data on affected endpoints, reducing the attack footprint to avoid detection.
- Intermittent Encryption: Used by groups such as NoEscape, BlackBasta, and BlackCat, this technique encrypts chunks of data rather than the entire dataset, speeding up the encryption process and complicating decryption.
- EDR Bypass using Unmonitored VMs: Akira and BlackCat have been noted for creating unmonitored virtual machines to bypass Endpoint Detection and Response (EDR) systems, allowing them to navigate, map, and encrypt files within Windows Hyper-V environments.
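Intermittent encryption leaves a recognisable footprint: stripes of near-random (encrypted) bytes interleaved with untouched low-entropy content. The following per-chunk entropy triage script is an added example for incident responders and is not code from the Trend Micro report; the 4 KiB chunk size, the 7.0 bits/byte threshold and the constructed sample files are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

CHUNK = 4096          # assumed chunk size; real strains use varying stripe sizes
HIGH_ENTROPY = 7.0    # bits/byte; ciphertext and compressed data sit close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte for the given buffer (0.0 for empty)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chunk_profile(blob: bytes, chunk: int = CHUNK) -> list:
    """Entropy of each consecutive chunk of a file's contents."""
    return [shannon_entropy(blob[i:i + chunk]) for i in range(0, len(blob), chunk)]


def classify(profile: list) -> str:
    """'full' if every chunk is high entropy, 'intermittent' if high- and
    low-entropy chunks alternate (at least two state changes), else 'plain'."""
    if not profile:
        return "plain"
    flags = [e >= HIGH_ENTROPY for e in profile]
    if all(flags):
        return "full"
    transitions = sum(1 for a, b in zip(flags, flags[1:]) if a != b)
    return "intermittent" if any(flags) and transitions >= 2 else "plain"


def scan_file(path: str) -> str:
    """Classify a file on disk by its chunk entropy profile."""
    with open(path, "rb") as fh:
        return classify(chunk_profile(fh.read()))


def _pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy bytes (SHA-256 chain) standing in for ciphertext."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed samples: a plaintext document, the same document with every second
# chunk "encrypted" (intermittent), and a fully "encrypted" file.
PLAIN_CHUNK = (b"Quarterly report: revenue up, costs down. " * 100)[:CHUNK]
SAMPLE_PLAIN = PLAIN_CHUNK * 8
SAMPLE_INTERMITTENT = b"".join(
    _pseudo_random(CHUNK, bytes([i])) if i % 2 else PLAIN_CHUNK for i in range(8))
SAMPLE_FULL = _pseudo_random(CHUNK * 8)
```

Run `scan_file` over a suspect share to separate fully encrypted files from those an intermittent encryptor has only striped, which also tells you how much of each file may still be recoverable.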
Statistics on Ransomware Detections:
- There has been a general downward trend in ransomware detections from 2021 to 2023, with detections averaging less than half of the recorded detections in 2020.
- The use of Living-Off-The-Land Binaries and Scripts (LOLBins/LOLBAS), Bring Your Own Vulnerable Driver (BYOVD), zero-day exploits, and AV termination has increased, suggesting that attackers are using more effective ways to evade preliminary detection.
Cloud and Enterprise Threats
Cloud environments and enterprise systems remain high-priority targets for cybercriminals. The report identifies key areas of concern:
- Top Industries Affected: Financial services, healthcare, technology, and manufacturing sectors are the most targeted, underscoring the need for tailored security measures in these industries.
- Home Network Security: With the increase in remote work, desktops and laptops are the primary targets for cyberattacks, highlighting the importance of securing home networks and devices used for work purposes.
Statistics on Home Network Security:
- Desktops and laptops recorded the most inbound attack detections, with 862.8 million detections.
- Smartphones and tablets followed with 198.7 million and 105.7 million detections, respectively.
MITRE ATT&CK Detections
The MITRE ATT&CK framework provides a comprehensive view of the tactics, techniques, and procedures (TTPs) used by attackers. The report identifies the top five tactics detected:
- Defense Evasion: Techniques to avoid detection, including Living-Off-The-Land (LOTL) tactics using tools like Mimikatz and Cobalt Strike.
- Command and Control: Maintaining communication with compromised systems to execute commands and exfiltrate data.
- Initial Access: Techniques used to gain a foothold within the victim’s network, often through phishing, exploits, or stolen credentials.
Trends in MITRE ATT&CK Detections:
- Command and Control showed a gradual increase from September to December.
- Defense Evasion peaked in March and July before declining in customer detections in subsequent months.
- Execution entered the top three TTPs detected in July and August, while Impact showed no clear trend despite a spike in November.
Threat Landscape
The global threat landscape remains dynamic, with significant malware activity observed in countries like Japan, the United States, and Brazil. Key malware families include:
- CoinMiner: A cryptocurrency mining malware that overtook other notorious malware families in 2023. CoinMiner exploits vulnerabilities to use victims’ CPU and GPU resources for mining cryptocurrency.
- Webshell: Continues to be a go-to tool for threat actors, exploiting vulnerabilities in internet-facing web servers to gain access and deploy further payloads.
Statistics on Malware Detections:
- Japan recorded the highest number of malware detections with 1,169,219,233 incidents, primarily targeting manufacturing, education, and healthcare sectors.
- The United States followed with 993,996,354 detections, affecting healthcare, technology, and manufacturing sectors.
- Brazil, India, and Italy also reported high malware detection counts, with significant activity in government, education, and financial sectors.
Email Threats
Email continues to be a primary vector for cyberattacks, with significant activity observed in:
- Top Countries Affected: The United States, China, and Germany are the most affected countries, with business email compromise (BEC) and phishing URLs being prevalent threats.
- High-Risk Email Threats: Despite a decrease in malicious and phishing URL detections, there is an increase in malware detection count and BEC, indicating a shift towards more targeted and sophisticated email attacks.
Statistics on Email Threats:
- The United States reported over 10.4 billion email threats, followed by China with 2 billion, and Germany with 1.1 billion.
- High-risk email threats have shown a 349% increase in BEC count and a 16% increase in malware detections from 2022 to 2023.
Vulnerabilities and Exploits
The report emphasizes the importance of addressing vulnerabilities, particularly those related to zero-day exploits. Key recommendations include:
- Regular Patching: Ensure that systems and applications are regularly updated with the latest security patches.
- Prevention Rules: Apply prevention rules from security products to protect against vulnerabilities.
- Security Awareness Training: Educate employees on identifying and avoiding risky websites and links, as human negligence remains a significant vulnerability.
Statistics on Vulnerabilities:
- A total of 1,913 zero-day vulnerabilities were published in 2023, compared to 1,706 in 2022.
- The top three riskiest unpatched CVEs are CVE-2023-2488 (Windows SmartScreen Security Feature Bypass), CVE-2023-21823 (Windows Graphics Component Remote Code Execution), and CVE-2023-23376 (Windows Common File Log System Driver Elevation of Privilege).
Conclusion
The 2023 Annual Cybersecurity Report underscores the evolving nature of cyber threats and the importance of adaptive, multi-layered security strategies. Organizations must stay vigilant, continuously update their defenses, and educate their employees to navigate the complex cybersecurity landscape effectively.
For more detailed insights and recommendations, downloading the full “Calibrating Expansion: 2023 Annual Cybersecurity Report” is highly recommended. Staying informed and proactive is key to maintaining robust cybersecurity in today’s digital world.