Cybercriminals are taking advantage of this increasingly interconnected environment to amplify their attacks. The number of weaponized vulnerabilities in enterprise software increased fourfold from the previous year. Some of the year’s most high-profile attacks targeting enterprise services, such as the MOVEit File Transfer Application exploit in May 2023, garnered attention due to the high volume of second- and third-party entities whose data was exposed. The ransomware gang behind MOVEit, CL0P, is estimated to have earned between $75 to $100 million in profit on that hack alone, suggesting these types of attacks will continue well into 2024.
Exploitation of enterprise software wasn’t the only way threat actors took advantage of trusted technologies and services. Abuse of legitimate internet services — such as messaging platforms and cloud services — was detected in almost 25% of malware families in one Recorded Future study, allowing threat actors to hide their command-and-control (C2) communications by blending in with ordinary traffic. Threat actors also increasingly incorporated exploits for Linux and macOS operating systems into their attack sequences, breaching the “walled garden” and allowing ransomware to be deployed on a wider variety of systems. Finally, threat actors compromised business process organizations (BPOs) to facilitate SIM swapping and other social engineering scams.
● Expanding attack surfaces increased the opportunity for mass exploitation of vulnerabilities: Throughout 2023, threat actors increasingly favored vulnerabilities that would allow the exploitation of multiple victim enterprises through a single vulnerability in a third-party product. The continued hybrid and remote work environment likely fueled this trend.
● Early malicious use of generative AI focused on social engineering and influence operations: Initial use cases for malicious use of generative AI have facilitated the creation of large amounts of convincing, fraudulent content. Modified versions of large language models (LLMs) for sale on the dark web have made it easier for users to evade safety guardrails on legitimate tools.
● Software supply-chain attacks remain prevalent: The increasingly interdependent nature of software has allowed threat actors to exploit third- and fourth-party dependencies in new ways, such as through the first double-software supply-chain compromise.
● Criminals targeted business process organizations to facilitate social engineering: Social engineering scams run through business process outsourcing (BPO) made it easier for criminals to commit fraud, such as SIM swapping.
● Trusted tools are being abused through legitimate internet services: Threat actors increasingly exploited trusted tools and services to gain access to an organization’s infrastructure and remain undetected. This included abuse of cloud services for command-and-control.
● Regulation abuse failed to take hold: Ransomware and extortion campaigns experimented with new ways to coerce their victims into paying, including reporting their breach to regulators. However, the increased government scrutiny that followed likely made adversaries reconsider this extortion approach.
● Offensive tooling is increasingly targeting Linux and macOS systems: Ransomware kits continue to expand beyond Windows environments to provide the opportunity to exploit an expanded range of victims.
● The war in Gaza increased hacktivist activity, capitalizing on chaos: While most claims were false or exaggerated, hacktivist activity contributed to the terror and confusion surrounding the October 7 terrorist attack. Hacktivists are increasingly taking advantage of growing “grassroots” interest in their cause by selling exploits, DDoS-for-hire, and other services.
● Valid accounts are increasingly being used for initial access, while phishing tactics evolve: While phishing prevention measures have increased in sophistication, threat actors have adapted by adopting new phishing techniques and other initial access vectors, including valid accounts.
● There is a convergence of influence narratives between ideological groups: 2023 was characterized by an increasing convergence in narratives used in Chinese covert influence operations with narratives originating from the Russian disinformation ecosystem and US domestic violent extremists, coupled with an increased presence on alt-tech platforms.