On October 11, Critical Start published its biannual Cyber Threat Intelligence Report, leveraging research from its Cyber Threat Intelligence (CTI) team. The report analyzes top cyber threats from the second half of 2023 and emerging cybersecurity trends impacting critical industries such as finance, education, manufacturing, and state and local government (SLED).
Sixty-seven percent of organizations experienced a breach requiring attention within the last two years, despite having traditional threat-based security measures in place.
Now more than ever, hackers have access to advanced, automated technologies that enable an unprecedented number of cyberattacks, with detrimental impact on organizations.
Key findings from Critical Start's report include:
- Phishing attacks leveraging Quick Response (QR) codes are on the rise, with bad actors masquerading as Microsoft security notifications with a QR code embedded inside a PNG image or a PDF attachment.
- Education remains one of the most susceptible industries to cyberattacks, yet there is more diversity in the types of threats. Vulnerability exploitation accounted for 29% of attacks, while phishing campaigns constituted 30% of cyber incidents affecting K-12 schools in 2023.
- Several known ransomware groups are sharing tactics, techniques, and procedures at a granular level, suggesting that threat actors are much more reliant on affiliates than previously thought, and highlighting the complex and ever-changing nature of the cybercrime ecosystem.
- Microsoft Teams allows external accounts to send potentially harmful files directly to an organization's staff, increasing the risk of successful attacks by bypassing security measures and anti-phishing training.
- Volt Typhoon, a threat actor sponsored by China, is likely to persist in carrying out cyber espionage campaigns to support the broader Chinese government agenda against U.S. critical infrastructure.
Furthermore, according to the latest research from the Critical Start CTI team, the top 10 threats from 2H-2023 are:
• Microsoft Teams vulnerability
• Credential harvesting
• Attack vectors within the Education sector
• Threat actors collaborating
• Top three malware
• Malicious QR codes
• Domino malware
• Volt Typhoon
• Kubernetes clusters
"The volume and sophistication of cyberattacks is continuously growing and evolving, making it impossible for organizations to feel on-top of internal vulnerabilities and remain cognizant of every external threat," said Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start. "In an effort to democratize cyber threat intelligence, this report highlights the most prominent security-related issues plaguing business and how they can proactively reduce cyber risk."
As a part of the Critical Start Cyber Research Unit (CRU), Critical Start CTI continuously monitors emerging threat developments and vulnerabilities while collaborating with the Security Engineering and SOC teams to implement new detections that reduce the risk of a breach by expanding MITRE ATT&CK threat coverage for its customers.