Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As organizations rethink their responses to persistent, evolving threats such as ransomware, they’re also having to deal with economic shifts, staffing issues, and shrinking budgets, meaning they are having to make tough choices on how to best protect their critical data. To better understand how enterprises are acting, we surveyed 920 decision makers from enterprises across industries in the US, UK, and Germany.

It’s been splashed across headlines and popped up in social media statuses — organizations are evaluating budgets and laying off staff. These layoffs, which have hit departments like marketing and IT across a variety of industries, are more than anecdotal. Our global survey, which took responses from 920 decision makers at enterprises with more than 1,000 employees showed that there is a major shift happening in internal spending and hiring.

Ransomware attacks are rising. Verizon’s 2022 Data Breach Investigation Report found that nearly a quarter of all cyber attacks in the manufacturing industry are ransomware attacks. Why the surge? While the world is still recovering from the pandemic, global markets are dealing with massive economic uncertainty and recession fears. And cybercriminals sense an opportunity.

Ransomware has gone global. While 2022 saw a reprieve in the sheer number of ransomware attacks (the attack rate dropped at the same time as the war between Russia and Ukraine began), it also saw the rise of ransomware-as-a-service, the proliferation of attacks of major organizations, and attacks that stretched across time zones and borders. In 2022, nine of our top 20 breaches involved ransomware (45%), affecting millions of individuals and their private data. That is up 15% over 2021.

Later this week, Horizon3 researchers plan to release a Proof of Concept (PoC) exploit for CVE-2022-47966, a critical unauthenticated, remote code execution vulnerability in multiple ManageEngine products. Note: CVE-2022-47966 is dependent on the specific ManageEngine product. Some products are vulnerable if SAML single-sign-on is enabled OR has ever been enabled, while others require SAML single-sign-on to be currently enabled.

When it comes to cybersecurity, knowledge is power. Understanding what threats exist, where trends are headed, and how cybercrime could affect your organization is all critical to building up your defenses and improving your security posture. For example, the cybercrime industry is now a $1.5 trillion industry — has your organization contributed to that total? Is your organization concerned about cyber attacks?

Between the 28th –30th of December 2022, Zoho released security updates to address a SQL injection vulnerability that they identified, designated as CVE-2022-47523. An advisory was later published, summarizing the affected products and remediation. This vulnerability affects several credential management products including ManageEngine PAM360, ManageEngine Access Manager Plus, and ManageEngine Password Manager Pro.

Our mission at Arctic Wolf is to end cyber risk, and our North Star on that mission is the NIST security operations framework. Spanning five functions (Identify, Protect, Detect, Respond, Recover), the NIST framework offers guidelines and best practices that when followed, allow an organization to both reduce the likelihood and the impact of cyber-attacks.

Another year, another reshaping of the never-boring and constantly evolving world of online crime. Old favorites like phishing, MITM attacks, and, of course, ransomware carried on strong while new variations and tricky workarounds continued to develop. For our final monthly cyber attack roundup of the calendar year, let’s take a look at four cases that stood out for the versatility of their executions, the escalation of their tactics, and/or the aggressiveness of their perpetrators.

On Thursday, December 22, 2022, LastPass updated their security incident notice to include additional details around the data breach they began investigating in November 2022. According to their notice, the threat actor used information obtained in an earlier, August 2022, data breach to target an employee and obtain credentials and keys used to decrypt storage volumes within their cloud-based storage service.