Cyberattacks -- where they come from and the tactics they use
A new report from Netskope looks at the activities of cybercriminals based on the techniques and motivators that were most commonly detected among its customers in the first three quarters of 2023.
In news that will come as a surprise to precisely nobody it shows that the highest percentage of cybercriminal activity comes from Russia, while China accounts for most politically-motivated attacks.
The financial services and healthcare industries have seen a significantly higher percentage of activity attributable to geopolitical threat groups. In those verticals, nearly half of activity observed comes from these adversaries, as opposed to financially motivated groups. Sectors such as manufacturing, state and local government, education and technology saw less than 15 percent of activity coming from geopolitical-motivated actors, with the remaining threats being financially motivated.
Spearphishing links and attachments are the most popular techniques for initial access so far in 2023 and, as of August, adversaries have been three times more successful at tricking victims into downloading spearphishing attachments compared to the end of 2022. While email continues to be a common channel used by adversaries, the success rate is low due to advanced anti-phishing filters and user awareness. However, adversaries have found recent success using personal rather than business email accounts.
So far in 2023, 16 times as many users attempted to download a phishing attachment from a personal webmail app compared to managed organization webmail apps. 55 percent of malware that users attempted to download was delivered via cloud apps, making these the number one vehicle for successful malware execution. The most popular cloud app in the enterprise, Microsoft OneDrive, is responsible for more than one-quarter of all cloud malware downloads.
"If organizations can look at who our top adversaries are and the incentives that motivate them, then you can look at your defenses and ask, 'What protections do I have in place against those tactics and techniques? How will this help me hone in on what my defensive strategy should be?'" says Ray Canzanese, threat research director at Netskope Threat Labs. "If you can defend effectively against the techniques outlined in the report, you're defending effectively against a really wide swath of adversaries. No matter who you're up against, you'll have defenses in place."
The full report is available from the Netskope site.
Image credit: peshkov/depositphotos.com