At a Glance: The Year in Cybersecurity 2023
At a Glance: The Year in Cybersecurity 2023
As 2023 closes, it’s worth reviewing what, exactly, just happened within the cybersecurity landscape over the last twelve months.
From a surge in zero-day attacks to a need to consolidate security stacks for safety, we’ve seen some notable challenges, trends, and threats.
In this post, we’ll take a quick, non-comprehensive look at trends and news from 2023, and see what insights they could hold for the years ahead.
Significant Cyber Security Incidents of 2023
Reviews of any year within the past decade or so will deliver some eye-popping breaches, but one of the points worth flagging for 2023 is the volume of attacks.
It’s worth noting, too, that while the overall number of data breaches and leaks has grown from 1,802 in 2022 to 2,116 in 2023, the actual number of victims this year is lower. As of October, 233.9 million people have been affected by data breaches and leaks, compared to 425 million in all of 2022. Of course, that could change once all the data is in for the year, but it remains an interesting point.
In terms of specifics, one of the biggest data breaches of the year was, undoubtedly, DarkBeam. Hackers managed to sneak into the threat management provider and steal more than 3.8 billion usernames and passwords. The company, which had reported more than a million dollars in revenue, is now uncertain whether they can rebuild their reputation. Investigators believe they potentially now understand how the break-in occurred: human error. Apparently, a user forgot to change a password after maintenance.
Another noteworthy breach in 2023 was that of Kid Security, a popular parental control app that helps parents monitor their children’s online activity. In mid-September, a security researcher discovered that more than 300 million records had been compromised, including more than 30,000 email addresses and 21,000 phone numbers. Some even believe payment information was leaked, too. The reason? The Readme bot. The result? An injected ransom note and a bitcoin wallet to send payment.
Also worth a mention is that, in October, the ICMR (Indian Council of Medical Research) lost 815 million records, which went for sale on the dark web in November. The data includes names, ages, addresses, genders, passport numbers, and government ID numbers. Elsewhere, the ancestry site, 23andMe, suffered a significant breach in October, with more than 20 million records (including genetic data profiles) leaked on a hacking forum.
Emerging Cybersecurity Threats in 2023
As incidents rise, the methods attackers are using continue to evolve.
Within Q3, phishing attacks were the most frequently reported cause, according to the ITRC, followed by zero-day attacks (attacks against a previously undisclosed software flaw for which there is no patch), ransomware, and malware attacks.
Zero-day attacks are very popular in 2023. According to ITRC, there’s been a 1,620 percent increase in zero-day attacks reported in the first three quarters of 2023 (86) compared to all of 2022 (5).
Below we’ll take a look at some of the more common attack trends that have so far ruled 2023.
Zero-day attacks target undiscovered vulnerabilities in software or hardware before developers can create and distribute a patch. These attacks are named “zero-day” because there are zero days of protection available when the exploit is first discovered.
Cybercriminals leverage these vulnerabilities to gain unauthorized access to a business’s systems, often with the intent of stealing sensitive information, compromising operations, or causing disruption. Due to the element of surprise and the lack of available defenses, zero-day attacks can be particularly devastating for organizations that may not have the time to respond effectively.
One key characteristic of zero-day attacks is their covert nature, making them difficult to detect using traditional security measures. Attackers meticulously exploit unknown vulnerabilities, making it challenging for cybersecurity professionals to identify and mitigate the threat before damage occurs. Businesses across various industries— including finance, healthcare, and critical infrastructure—are susceptible to these attacks, as cybercriminals seek to capitalize on valuable data or disrupt essential services. The stealthy nature of zero-day exploits allows attackers to infiltrate systems unnoticed, amplifying the potential impact on the targeted business.
Mitigating the risk of zero-day attacks requires a proactive approach to cybersecurity. Businesses must invest in advanced threat detection mechanisms, regularly update their security protocols, and foster a culture of cybersecurity awareness among employees. Collaborative efforts within the cybersecurity community are essential to share intelligence and develop effective countermeasures against these evolving threats. Additionally, maintaining a rapid response capability is crucial for organizations to swiftly deploy patches and updates once a zero-day vulnerability is discovered, reducing the window of opportunity for malicious actors to exploit the weakness.
Social engineering attacks
Sophisticated social engineering attacks—which leverage a mix of deception, persuasion, and exploitation—have grown more intricate and challenging to detect and defend against.
Spoofing, or the ability to make a communication from an unknown source appear as if it is from a known or trusted one, is a crucial element in sophisticated social engineering attacks. This can apply to various communication channels such as emails, phone calls, text messages, and websites.
We can see many real-life incidents that demonstrate the evolving nature of social engineering attacks. For example, the Gamaredon attacks on Ukraine have relied on spear phishing emails, and operate in rapid succession. Or thieves pretending to be Best Buy’s Geek Squad, in the TOAD attack.
These types of attacks are so malicious and widespread that Helen Wong, CEO of Singapore bank Oversea-Chinese Banking Corporation (OCBC) equated the tracking of fraudulent transfers to “fighting a war”.
Ransomware attacks have been around for a while, but they just keep multiplying, as they are a highly lucrative business model for cybercriminals. In fact, we have recently seen the emergence of Ransomware as a Service (RaaS)—something that has definitely lowered the technical barrier for launching an attack.
According to the Department of Homeland Security, ransomware attackers are on pace to have their second most profitable year ever, with an estimated $900 million in extortion in 2023. Unfortunately, these attacks focus on anything from hospitals, schools, and businesses, and are designed to exploit both well-known existing vulnerabilities and new zero-day vulnerabilities. So, they are particularly difficult to defend against.
Ransomware’s popularity represents a low-risk, high-reward scenario for cybercriminals. Little effort is required to access sensitive information and demand ransoms that can cause extensive harm to businesses, including small to medium-sized companies.
2023 Cybersecurity Trends
We have covered some high-profile incidents and the main evolutions in terms of threats. Now, let’s look at the cybersecurity trends for the year 2023.
Hybrid data centers
The rise of hybrid data centers is a significant trend, allowing organizations to scale their infrastructure as needed.
This trend is mainly driven by the increasing adoption of cloud computing and better infrastructure scalability.
With hybrid data centers, companies can seamlessly integrate and manage their on-premises infrastructure with public and private cloud environments, enabling them to dynamically adjust their computing and storage resources based on demand.
AI and automation
If 2022 was the year that artificial intelligence (AI) really blew people’s minds, 2023 was the year we saw it really implemented in systemic ways within businesses. The use of AI and automation in cybersecurity became more popular in 2023, with many businesses integrating these technologies into their security operations.
AI and automation can enable organizations to enhance their threat detection and response capabilities, and can help fight ransomware and multi-vector attacks. For instance, you can use them to continuously monitor user behavior and network traffic to quickly identify and mitigate potential risks.
The flipside is that AI is also being used by cyber-criminals. So, AI-powered security solutions can help organizations proactively identify and respond to emerging threats – but they must also be considered from an offensive perspective. For example, in 2023, many attackers have begun using ChatGPT to write extremely convincing phishing emails.
Remote workforce security
With the increase in remote work, there is a growing focus on securing remote access and endpoints, too. However, the shift to remote work has introduced new security challenges for organizations, as employees increasingly access corporate resources from outside the traditional network perimeter.
To address these challenges, many organizations are implementing secure access solutions, such as virtual private networks (VPNs) or zero-trust network access (ZTNA) solutions, to ensure that remote employees and third-party providers can securely connect to corporate resources. Additionally, many have invested in security awareness training to educate employees about best practices for remote work and to help them recognize and respond to potential security threats.
The vulnerability of Internet of Things (IoT) devices is a continuing trend for 2023, as the use of these devices grows. The increasing adoption of IoT devices has expanded the attack surface for cybercriminals. Many of them have security vulnerabilities that can be exploited to gain unauthorized access to corporate networks.
To address this trend, organizations have begun implementing robust security measures to protect their IoT devices, such as segmenting IoT devices from the corporate network and regularly updating the firmware and software on these devices to patch known security vulnerabilities.
As IT environments have become more diverse in 2023, companies are facing a massive expansion of potential attack vectors. As we have mentioned, a lot of these have also been amplified due to the use of cloud computing, IoT devices, and hybrid and remote workspaces.
So, on the one hand, organizations need to identify a wider range of potential attacks. And, on the other, they might have to rely on multiple applications and solutions. This trend will continue in the coming years, so consolidating and unifying your company’s cybersecurity is an extremely smart idea.
Considering the threats and trends we have covered so far, it should also come as no surprise that we’re in blooming opportunities for the cyber insurance market. Driving this growth are the expanding liabilities from cyber breaches and the increasing responsibility of boards and senior management for breaches. Specifically:
- Expanding liabilities: As the frequency and impact of cyber incidents continue to rise, organizations are seeking financial protection against potential losses, including legal expenses, regulatory fines, and the costs of remediation and recovery.
- Board and senior management responsibility: Boards and senior management are facing mounting pressure to take accountability for cybersecurity and data protection. Cyber insurance serves as a risk management tool that provides financial support and guidance to boards and senior management.
- Forcing function of cyber insurance: Cyber insurance providers often require policyholders to meet specific security standards and best practices, which incentivize organizations to invest in and prioritize cybersecurity to mitigate their risk exposure.
If this year shows us anything, it’s that the race against malicious actors will not just continue; it will probably worsen.
In light of these trends, organizations need to prioritize awareness and training to recognize and mitigate the risks associated with social engineering attacks, ransomware attacks, and others. So, implementing robust security measures and best practices is vital to help defend against these increasingly sophisticated threats.
Despite the ongoing threat of ransomware, there is no way to completely remove the risks; however, taking proactive steps can help mitigate the impact of these attacks.
Coro offers modular cybersecurity that snap together into a single, robust platform. Our platform simplifies your protection by using one dashboard, one endpoint agent, and one data engine to provide your company with enterprise-grade security. If you’re interested in learning more, check out a demo.