
Brace for more cyberattacks in 2023

LOOKING back at 2022 is instructive as you prepare your cybersecurity approach for 2023: it guides your security strategy and helps prepare employees and systems for the year ahead.

For example, some state-backed attacks focus on stealing intellectual property from technology companies. Other state-backed attacks are focused on stealing funds.

Knowing this, technology companies need to better protect their IP, while non-tech companies need to implement stronger security policies around financial transfers.

Cyberattacks hit the headlines throughout the year. Surveys found that 72 per cent of Malaysian organisations were breached in 2022.

In May, 22.5 million Malaysians' personal data was leaked onto the dark web.

Identity-based attacks rose sharply across the Asia Pacific region and emerged as a leading threat vector behind major data breaches.

Chinese hackers also made headlines in 2022, but that only tells a small piece of the cyber-aggression in the region. State-backed advanced persistent threat (APT) groups targeted government entities, non-profits, religious, and non-governmental organisations across the Asia Pacific.

Business email compromise (BEC) attacks proved themselves to be more profitable than ransomware, costing organisations over US$2.4 billion in 2021 and more than US$43 billion since 2013.

We have also seen a rise in collaboration between initial access brokers and operators of traditional malware. The broker supplies access to a network, the buyer uses that foothold for reconnaissance, and specialised tools are then brought in to disable EDR protections.

This makes it particularly challenging for organisations to stay safe from highly-organised attacks.

We believe identity-based attacks leading to data breaches will continue to be the leading attack vector in Malaysia. For threat actors, targeting identity and access management gaps through compromised credentials is the fastest path to a target's resources and critical data.

Attackers recognise that Active Directory is the crown jewel of a business: control of it lets them exfiltrate sensitive data, install backdoors into the system and alter security policies.

The shift to hybrid work and cloud storage has made identity the new perimeter. Businesses need to detect and respond effectively to breaches with an effective Identity Threat Detection and Response (ITDR) to protect against threats at every stage.
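As an added illustration of what identity threat detection looks like in practice (this is example code written for this page, not the author's or any vendor's tooling), the script below scans a constructed set of Windows Security log records (Event ID 4625 failed logon, 4624 successful logon) for a password-spray pattern: one source address failing logons against many distinct accounts within a short window, followed by a success from the same address. The sample events, the ten-minute window and the five-account threshold are all assumptions chosen for the demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows Security log records, not real telemetry.
# Fields: timestamp, event ID (4625 failed / 4624 success), account, source IP, logon type.
SAMPLE_EVENTS = [
    # One source tries six different accounts in seconds, then gets into "frank".
    ("2023-01-09T02:00:01", 4625, "alice", "203.0.113.7", 3),
    ("2023-01-09T02:00:03", 4625, "bob",   "203.0.113.7", 3),
    ("2023-01-09T02:00:05", 4625, "carol", "203.0.113.7", 3),
    ("2023-01-09T02:00:07", 4625, "dave",  "203.0.113.7", 3),
    ("2023-01-09T02:00:09", 4625, "erin",  "203.0.113.7", 3),
    ("2023-01-09T02:00:11", 4625, "frank", "203.0.113.7", 3),
    ("2023-01-09T02:00:14", 4624, "frank", "203.0.113.7", 3),
    # Benign: one user mistypes a password twice, then logs in.
    ("2023-01-09T02:05:00", 4625, "grace", "10.0.0.12", 2),
    ("2023-01-09T02:05:08", 4625, "grace", "10.0.0.12", 2),
    ("2023-01-09T02:05:15", 4624, "grace", "10.0.0.12", 2),
    # Two failures half an hour apart: below threshold at the default window.
    ("2023-01-09T03:00:00", 4625, "heidi", "198.51.100.3", 3),
    ("2023-01-09T03:30:00", 4625, "ivan",  "198.51.100.3", 3),
]


def detect_password_spray(events, window_minutes=10, min_accounts=5):
    """Flag source IPs whose failed logons cover at least `min_accounts`
    distinct accounts inside a sliding window of `window_minutes`.

    Each alert records every account targeted from the first failure of the
    spray onward and any account that then logged in successfully from the
    same IP (the attacker's likely foothold). One alert per source IP.
    """
    window = timedelta(minutes=window_minutes)
    failures = defaultdict(list)   # ip -> [(time, account)]
    successes = defaultdict(list)  # ip -> [(time, account)]
    for ts, event_id, account, ip, _logon_type in events:
        t = datetime.fromisoformat(ts)
        if event_id == 4625:
            failures[ip].append((t, account))
        elif event_id == 4624:
            successes[ip].append((t, account))

    alerts = []
    for ip, fails in failures.items():
        fails.sort()
        start = 0
        in_window = defaultdict(int)  # account -> failures currently inside the window
        for t, account in fails:
            in_window[account] += 1
            # Advance the left edge until every counted failure is within the window.
            while t - fails[start][0] > window:
                old = fails[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= min_accounts:
                first = fails[start][0]
                alerts.append({
                    "source_ip": ip,
                    "first_failure": first.isoformat(),
                    "accounts": sorted({a for _, a in fails[start:]}),
                    "compromised": sorted({a for st, a in successes[ip] if st >= first}),
                })
                break
    return sorted(alerts, key=lambda a: a["source_ip"])


if __name__ == "__main__":
    for alert in detect_password_spray(SAMPLE_EVENTS):
        print(alert)
```

The distinct-account count is what separates a spray from an ordinary lockout storm: the benign user above fails twice but against one account, so it never trips the rule, while the tuned-down run with a one-hour window and a two-account threshold also catches the slow attempt from the third address. In a real deployment the same logic would read from the domain controllers' forwarded events and the "compromised" field is what an ITDR workflow would act on first (forced password reset, session revocation).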

Despite Russia's war in Ukraine, or perhaps because of it, we did not see any slowdown in Russian-based ransomware attacks. There's no reason to believe these types of attacks will slow down in 2023.

Financially motivated groups will continue to conduct opportunistic attacks built on social engineering techniques to gain credentials and access. They also favour attacks on widely deployed software in the supply chain, such as Microsoft Exchange servers, because a single exploit can compromise thousands of organisations around the globe.

Geopolitics will continue to play a large role in cyberattacks. As the war in Ukraine continues, Russia is expected to continue trying to attack critical infrastructure systems in the Asia Pacific, Europe and the United States.

Meanwhile, Chinese threat actors are also expected to continue their attacks as tensions in the South China Sea persist. Based on previous campaigns, these attacks are likely to be conducted through supply chain operations and BEC attempts.

Companies in the region need to understand that they are a potential target of either an opportunistic or a targeted attack. Opportunistic attacks take place when a threat actor gets hold of credentials and launches an attack, usually trying to steal money. These attacks typically rely on commodity malware and can be carried out by anyone who gains access to a system.

Targeted attacks are directed at a specific company with a specific goal in mind. It may be sabotage, an attempt to steal IP, or to shut down an aggressive government agency. These attacks generally take much longer to plan and implement than opportunistic attacks.

The attack vectors for both types of attacks include phishing, BEC, malvertising and spoofed websites.

For many of these scenarios, internal training and adherence to best practices reduce the attack surface. Your IT team should be diligent about upgrading, patching and maintaining software and systems.

It's also essential to deploy automated endpoint detection and response (EDR) and extended detection and response (XDR) security systems to identify, contain and remove malicious software.

Every company in the region should also improve their security posture by implementing identity security policies. Additionally, they should minimise their attack surface and monitor threat intelligence so they know what to expect. Following these guidelines should help keep your company safe in 2023.

The writer is WatchTower Threat Hunting Manager - Asia Pacific
