Calibrating Expansion: 2023 Annual Cybersecurity Report

2023 continues the dramatic climb in Smart Protection Network (SPN) counts on overall threats blocked, peaking anew on the uptrend that started in the wake of the pandemic. A closer look at the downtrend on early detection filters (Email Reputation Service, Web Reputation Service) suggests that cybercriminals could be deprioritizing wider targets to focus on better infiltration as seen in the continuous surge in endpoint detections (File Reputation Service).

Vulnerabilities remain a huge concern for SOCs as 2023 headlines featured legitimate file-sharing services abused, while trusted methods of credential verification such as multi-factor authentication can be bypassed as in the case of EvilProxy attacks. Well-known messaging platforms, such as Skype and Teams, are also being utilized by cybercriminals, in this case DarkGate, to deliver VBA loader script to victims.

Meanwhile, threat actors are abusing legitimate processes, as in the case of AsyncRAT’s misuse of aspnet_compiler.exe. Infostealers RedLine and Vidar, as well as an attack that suggests the return of Genesis Market, are also abusing EV code signing for defense evasion. Personal and actionable data such as crypto wallets and browser and mail credentials continue to be the prime target for cybercriminals. Data shops in the dark web will remain a staple, with RedLine and Vidar coming out on top in in-the-wild popularity levels. Individuals and organizations should maximize tools that help keep your data and identity safe as life post-pandemic brings most transactions online.