Record number of software security flaws uncovered in 2022
A record 26,448 software security flaws were reported by CISA last year, with the number of critical vulnerabilities (CVEs) up 59 percent from 2021 at 4,135.
The 2023 Annual Threat Intelligence Report, from the Deepwatch Adversary Tactics and Intelligence (ATI) team, also shows that the conflict between Ukraine and Russia has unleashed a flurry of amateur and state-sponsored attacks and breaches on organizations and critical infrastructure.
"In 2022, Security Operations teams were forced to contend with the dual-sided challenge of a rapidly expanding attack surface and increasingly complex threats," says Jerrod Barton, senior director of ATI at Deepwatch. "As we move forward in 2023, data extortion and attacks of opportunity will continue to evolve, employing different extortion tactics and techniques to force victims to pay the ransom. With threats evolving quickly, security organizations must operationalize threat intelligence by gathering data from every possible source, then effectively processing, correlating, and incorporating that information into day-to-day security operations to reduce risk."
The report also looks at the threats we're likely to encounter in the year ahead. It's no surprise to learn that cybercriminals read publicly available Open Source Intelligence (OSINT) and analyst reports. Whether this is to learn what security researchers are reporting about them, to pick up a new technique, or to discover the technical details of a new vulnerability, Deepwatch expects this trend to continue in 2023.
Source code repositories are seen as an attractive target for cybercriminals, and the report warns that organizations must be vigilant in order to protect themselves.
Researchers also expect to see a continued increase in the development and use of information-stealing malware, which cybercriminals use to steal sensitive information and sell it on cybercriminal marketplaces.
The full report is available from Deepwatch.