From 1-Hit Wonders to Unrelenting Threats
In 1976, Thin Lizzy’s iconic hit “The Boys Are Back in Town” climbed to the 12th spot on the charts and quickly became their signature tune. However, Thin Lizzy’s claim to fame was short-lived, and they would forever remain a 1-hit wonder. While the music world moved on, cybercriminals embarked on a journey that would yield them continuous chart-topping success in the world of cyberattacks. Looking back at 2023, it’s evident that cyberthreats never let their guard down, much like a timeless hit that keeps returning to the airwaves, slightly revised.
The Rise of Cyber Incidents
Since the early days of the Creeper virus in 1971, cyber incidents have been on the rise. In 2023, the cybersecurity landscape painted a bleak picture:
- Phishing Dominance: Phishing scams continued their reign as the most common form of cyberattack for the third consecutive year.
- Business Impact: A staggering 46% of cyberattacks impacted businesses with fewer than 1000 employees, underscoring the vulnerability of smaller enterprises.
- Slow Response: On average, it took 277 days to identify and contain a data breach, with an average cost of $139,000 per claim.
- Alarming Frequency: In 2023, there was one successful cyberattack every 1.12 seconds, highlighting the relentless nature of these threats.
- SMB Vulnerability: The average financial impact of a breach for small and medium-sized businesses (SMBs) stood at $98,000.
Preparation and Prevention
Despite the ever-growing threat landscape, not all organizations were adequately prepared to defend against cyberattacks. In fact, only 44% of companies had both a prevention and response plan for IT security incidents. Sadly, the prevailing mindset often treats cybersecurity as a backward-looking function rather than a forward-looking, value-added one.
Promising Developments
Amid these challenges, we see signs of hope. Gartner predicted that organizations that isolated or segmented their Internet of Things (IoT) devices would experience 25% fewer successful cyberattacks by 2023. This marked a significant step toward enhancing cybersecurity.
Attack Vectors: The Greatest Hits
Cybercriminals continued to adapt and evolve, employing various attack vectors to breach systems and compromise data. Some of the most prominent attack tactics included:
- Malicious Documents: Globally, 38% of malicious email attachments were Microsoft Office formats, such as Word, PowerPoint, and Excel.
- Archive Files: Archive files like .zip and .jar represented around 37% of all malicious file extensions.
- RedLine Stealer Trojan: Cybersecurity experts discovered this Trojan being sold on hacking forums and the Dark Web for as little as $150, posing a significant threat to personal data security.
- Ecommerce Exploitation: Small and medium-sized retailers became victims of formjacking code injection, highlighting the risks associated with online shopping.
Changing Motivations
Cybercriminal motivations underwent a shift, moving from mere financial gain to intelligence gathering. In 2023, 96% of targeted attacks aimed at intelligence gathering.
The Phishing Phenomenon
Phishing attacks reached their highest level in three years, with more than 30% involving keyloggers. Spear phishing was the most frequent targeted attack vector, affecting small organizations at a higher rate. Notably, over 95% of malware-distributing emails required human action.
Spam Stays Relevant
Spam remained a dominant force in email-based cybercrime. Cybercriminals manipulated feedback forms on large companies’ websites to bypass spam filters and reach victims.
Cloud Solutions Hit Sour Notes
Cloud-based systems are now being targeted as more organizations shift from in-house, on-premises business applications to cloud-hosted systems. Monitoring, detection and response solutions are emerging but are playing catch up.
Mobile Takes Center Stage
Mobile platforms became a primary target, with 70% of online fraud occurring through mobile devices. More than 90% of surveyed organizations experienced compromises involving mobile devices.
Cybercrime’s Lucrative Earnings
Atlas VPN revealed that cybercrime earned criminals a staggering $1.5 trillion annually, dwarfing the revenue of major corporations.
Protecting Against the Encore
As cyberthreats continued to evolve, businesses had to adapt. IT Radix recommendations for improving cybersecurity included:
- Multi-Layered Defense: Implementing a multi-layered defense strategy across systems, networks, programs, and data.
- Employee Education: Educating employees about data security principles, including strong passwords and email security.
- Cybersecurity Framework: Establishing a framework for dealing with cyberattacks.
- Investing in Technology: Utilizing technology to protect endpoint devices, networks, and the cloud.
- Regular Updates and Patching: Keeping all software and systems up-to-date.
- Access Controls: Restricting access to essential information.
- Regular Audits and Testing: Conducting cybersecurity audits and penetration testing.
In closing, unlike 1hit wonders, cyberattacks have proven to be an enduring threat that demands constant vigilance and adaptation. As organizations face an ever-evolving cyber landscape, your ability to stay ahead of the curve will determine your resilience in the face of unrelenting cyber adversaries.
IT Radix is here to keep you tuned in to the ever changing “Top 100 Cyberattacks” chart. Let’s talk about your cybersecurity landscape in 2024. Contact IT Radix today.
First published in our January 2024 IT Radix Resource newsletter