Security teams need to continually bolster their cybersecurity controls and expertise to keep up with the evolving threat landscape. Successful readiness and response to a cybersecurity breach requires the right mix of people, processes and technology. Yet challenges with staffing, technical issues, and budget hamper threat detection and response for too many organizations, creating gaps that threat actors are eager to exploit.

Tomorrow, January 28, marks the annual Global Data Privacy Day, an annual reminder of the importance of safeguarding personal information in our always-connected society. With the boundaries between the online and offline realms becoming increasingly blurred, we find ourselves generating an unprecedented amount of data about ourselves, our loved ones, and our personal lives.

Cybercrime isn’t unique to certain sectors or industries. But some areas are more at risk, like local governments and municipalities. It makes sense, governments not only hold a lot of personal and valuable information on their systems, but government entities are interconnected and critical to the operations of a given area — from police forces to court hearings to basic administration and document processing. It’s a high– value target for hackers.

On Tuesday, January 24th, 2023, VMware disclosed two critical vulnerabilities in VMware vRealize Log Insight that could result in remote code execution (RCE). Although different vulnerability types, both vulnerabilities could allow an unauthenticated threat actor to inject files into the operating system of the vulnerable product which could result in RCE. Both vulnerabilities were responsibly disclosed to VMware and have not been actively exploited in campaigns.

As organizations rethink their responses to persistent, evolving threats such as ransomware, they’re also having to deal with economic shifts, staffing issues, and shrinking budgets, meaning they are having to make tough choices on how to best protect their critical data. To better understand how enterprises are acting, we surveyed 920 decision makers from enterprises across industries in the US, UK, and Germany.

It’s been splashed across headlines and popped up in social media statuses — organizations are evaluating budgets and laying off staff. These layoffs, which have hit departments like marketing and IT across a variety of industries, are more than anecdotal. Our global survey, which took responses from 920 decision makers at enterprises with more than 1,000 employees showed that there is a major shift happening in internal spending and hiring.

Ransomware attacks are rising. Verizon’s 2022 Data Breach Investigation Report found that nearly a quarter of all cyber attacks in the manufacturing industry are ransomware attacks. Why the surge? While the world is still recovering from the pandemic, global markets are dealing with massive economic uncertainty and recession fears. And cybercriminals sense an opportunity.

Ransomware has gone global. While 2022 saw a reprieve in the sheer number of ransomware attacks (the attack rate dropped at the same time as the war between Russia and Ukraine began), it also saw the rise of ransomware-as-a-service, the proliferation of attacks of major organizations, and attacks that stretched across time zones and borders. In 2022, nine of our top 20 breaches involved ransomware (45%), affecting millions of individuals and their private data. That is up 15% over 2021.

Later this week, Horizon3 researchers plan to release a Proof of Concept (PoC) exploit for CVE-2022-47966, a critical unauthenticated, remote code execution vulnerability in multiple ManageEngine products. Note: CVE-2022-47966 is dependent on the specific ManageEngine product. Some products are vulnerable if SAML single-sign-on is enabled OR has ever been enabled, while others require SAML single-sign-on to be currently enabled.

Between the 28th –30th of December 2022, Zoho released security updates to address a SQL injection vulnerability that they identified, designated as CVE-2022-47523. An advisory was later published, summarizing the affected products and remediation. This vulnerability affects several credential management products including ManageEngine PAM360, ManageEngine Access Manager Plus, and ManageEngine Password Manager Pro.

When it comes to cybersecurity, knowledge is power. Understanding what threats exist, where trends are headed, and how cybercrime could affect your organization is all critical to building up your defenses and improving your security posture. For example, the cybercrime industry is now a $1.5 trillion industry — has your organization contributed to that total? Is your organization concerned about cyber attacks?

Our mission at Arctic Wolf is to end cyber risk, and our North Star on that mission is the NIST security operations framework. Spanning five functions (Identify, Protect, Detect, Respond, Recover), the NIST framework offers guidelines and best practices that when followed, allow an organization to both reduce the likelihood and the impact of cyber-attacks.

Another year, another reshaping of the never-boring and constantly evolving world of online crime. Old favorites like phishing, MITM attacks, and, of course, ransomware carried on strong while new variations and tricky workarounds continued to develop. For our final monthly cyber attack roundup of the calendar year, let’s take a look at four cases that stood out for the versatility of their executions, the escalation of their tactics, and/or the aggressiveness of their perpetrators.