Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The 2023 Arctic Wolf State of Cybersecurity Trends Report takes the temperature of organizations around the globe to understand not only their current and future concerns, but how they are responding today to the problems that plagued them in previous years. Our research shows that despite the enduring nature of many of these challenges, organizations are making measurable strides in areas where progress has proven limited in previous years.

When Arctic Wolf surveyed over 900 decision makers across the globe, an area of cybersecurity that kept reappearing in responses was cloud security. Last year, cloud adoption rate was at 99% but only 19% of those organizations were implementing cloud security posture management (CSPM) solutions. As cloud-originated breaches increase, it’s no surprise then that cloud concerns are also rising.

On February 14, 2023, Microsoft published its February 2023 Security Update and patched multiple high to critical vulnerabilities, with some of them being actively exploited in the wild. These vulnerabilities impact Windows systems and Exchange servers.

In December 2022, the FCC opened a call for comment requesting stakeholders provide input on whether E-Rate program funds can be used to support advanced or next-generation firewalls and services, as well as other network security services. For those unfamiliar with the program, E-Rate is a Federal Communications Commission (FCC) program that provides funding to schools and libraries for telecommunications and internet services.

A great deal of focus in the cybersecurity industry is placed on the dangers threat actors pose to small and medium-sized businesses. For good reason, too. These organizations often lack the budget and staffing required to provide 24×7 monitoring, detection, and response, leaving them exposed to attack. These same factors can find them incapable of mounting a robust incident response plan post-breach.

The names of over 1.5 million individuals were published on the dark web in January after ahacker gained access to the TSA’s “No Fly List.” That’s a lot of names (including aliases and birth dates), so why wasn’t the list secure, and how did it get leaked? The entire breach came down to one small business with one misconfigured server.

Arctic Wolf has observed a significant increase in the number of malicious files delivered and opened via OneNote email attachments. Unlike malicious Word and Excel files, infected OneNote files do not require the security prompt asking the end-user to allow macros, thus increasing the chances of unknowingly running the malicious executable.

Vulnerabilities cause the majority of cybercrime. There are always new vulnerabilities appearing as software gets updated and as cyber criminals work behind the scenes to find new backdoors to organizations’ systems. In the first half of 2022 alone, 81% of incidents happened through an external exposure — either a known vulnerability or a remote desktop protocol. The sheer volume of vulnerabilities grew again in 2022, with over 25,000 recorded, and over 800 have been actively exploited.

On February 3, 2023, the developers of GoAnywhere MFT (Managed File Transfer) sent an advisory to their customers warning them of a zero-day remote code execution vulnerability being actively exploited in the wild. Exploitation of this vulnerability could allow sensitive data to be leaked and potentially used for extortion.

The new year is upon us, but from a cybersecurity perspective, things look much the same as they did last year. January brought fresh attacks on a pair of familiar targets, high-stakes escalations in the ransomware game, and questionable crisis management from a high-profile victim. In other words, business as usual for cybercriminals! Let’s look at a few noteworthy cybercrimes from January 2023.