Two-step phishing attacks, cyber-espionage increasing
Managed Detection and Response cybersecurity firm Critical Start has released its biannual Cyber Threat Intelligence Report, featuring the top threats observed in the first half of 2023.
The report looks at the emerging cybersecurity trends impacting the healthcare, financial services, and state and local government (SLED) industries, and also includes actionable insights to help organisations strengthen their security posture and proactively mitigate potential risk.
The cyber threat landscape is constantly evolving, and threat intelligence is essential for identifying and responding in real-time. Cybercrime has become the world's third largest economy, and estimated to generate $8 trillion (about $25,000 per person in the US) by the end of 2023.
The Critical Start Cyber Threat Intelligence (CTI) team analysed a range of intelligence sources, such as customer data, open-source intelligence, vulnerability research, social media monitoring, and dark web monitoring to identify the most pressing cybersecurity threats of the first half of 2023.
The Critical Start Security Operations Center (SOC), which monitors millions of endpoints with over 80,000 investigations a week, saw increases overall in the number of investigated alerts, alerts escalated to customers, and alerts that were of high or critical priority. In the first quarter of 2023, the SOC saw a 38.88% increase in the number of high or critical priority alerts escalated to customers over the previous quarter.
The report found two-step phishing attacks are on the rise, with attackers using convincing emails that resemble legitimate vendor communications, often related to electronic signatures, orders, invoices, or tracking information.
The new Beep malware is top of mind for organisations and individuals. This pervasive threat is delivered via email attachments, Discord, and OneDrive URLs.
The report also revealed state-sponsored cyber espionage is becoming increasingly common, with threat actors operating out of Russia, potentially India, and the Asia-Pacific (APAC) region.
"We are continuing to observe an unyielding surge in the volume of cyberthreats, including advanced malware, botnets, ransomware, cryptojacking, and more," says Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start.
"While many of these attack trends are troubling, there are a number of things organisations can do to reduce their risk, such as investing in security awareness programs, updating security protocols, working with trusted partners to address vulnerabilities, and partnering with an MDR vendor like Critical Start."
As a part of the Critical Start Cyber Research Unit (CRU), Critical Start CTI continuously monitors emerging threat developments and vulnerabilities while collaborating with the Security Engineering and SOC teams to implement new detections that reduce the risk of a breach by expanding MITRE ATT&CK threat coverage for our customers.