Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Once again, Arctic Wolf has taken the temperature of organizations across the globe to determine how the cybersecurity landscape of 2022 is shaping their 2023 concerns and actions. While the survey covered a number of topics, one stood out: ransomware. 48% of organizations ranked ransomware as their number one concern for the coming year. While that’s down from 70% in 2022, it doesn’t mean that ransomware is going away.

The financial services industry is under constant threat from cybercriminals, thanks to the large amounts of money and data they move and store. In fact, financial services businesses suffer 300 times more cyber-attacks than companies in other sectors, and the cost of downtime is among the highest in any industry. 57% of IT professionals say their organizations can’t tolerate the loss of mission-critical applications for a full hour, with 15% reporting they can’t tolerate ANY downtime.

As organizations implement additional security controls and detections, threat actors adjust to bypass them. Since our initial investigation into a Lorenz ransomware intrusion that exploited a Mitel MiVoice VoIP appliance, we have observed a shift in the group’s Tactics, Techniques, and Procedures (TTPs).

On Thursday, February 16, 2023, Fortinet patched two critical unauthenticated remote code execution vulnerabilities, one impacting FortiNAC (CVE-2022-39952) and one impacting FortiWeb (CVE-2021-42756). Both vulnerabilities were discovered by Fortinet’s Product Security team.

Last year cyber threats were at the forefront of many business leaders. Not only did the Australian Cyber Security Centre (ACSC), receive over 76,000 cybercrime reports, an increase of 13 percent from the previous financial year, major cybersecurity incidents at Optus, Medibank, and others made cybersecurity a top of mind issue for many in Australia and New Zealand.

Cybercrime is on the rise. This trillion-dollar industry is only gaining momentum with ransomware and business email compromise attacks, and recent trends show that the odds of becoming a breach victim are about 50%. Not to mention that the skills shortage gap continues to plague organizations, with many stating they would need five or more employees to fill it.

Since 2017, an upwards trend of vulnerabilities has been observed, reported to, and analyzed by the National Institute of Standards and Technology (NIST). According to the National Vulnerability Database (NVD), there were more than 25,200 vulnerabilities published in 2022, making it another record-breaking year, with an increase of 25% compared to 2021. That’s a five-time increase over the past decade.