This summary highlights the key findings of Rapid7’s 2023 Mid-Year Threat Review, emphasizing vulnerabilities, incident trends, and threat actor activities. It underscores the importance of basic security hygiene and proactive measures to mitigate evolving cyber threats. #CVE-2023-34362 #DarkWebMarkets

Key points

  • Most cybersecurity reports follow a structured format, including an executive summary, threat landscape overview, vulnerability analysis, incident response trends, threat actor activity, security guidance, and resources for further learning.
  • Key statistics reveal that nearly 40% of incidents are linked to weak multi-factor authentication enforcement, with ransomware impacting over 1,500 global victims in the first half of 2023.
  • Severe vulnerabilities like CVE-2023-34362 (Progress MOVEit Transfer) and CVE-2023-29059 (3CX DesktopApp backdoor) were widely exploited, indicating a persistent focus on public-facing enterprise apps.
  • Incident response data shows a 69% increase in cases year-over-year, with common attack vectors including brute force, credential stuffing, and exploitation of unpatched vulnerabilities.
  • The ransomware landscape remains stable among dominant groups, though new actors such as the Akira gang have emerged, demonstrating ongoing evolution of the threat environment.
  • Dark web marketplaces continue to facilitate the sale of exploits, with zero-days for network devices like Cisco and Fortinet valued around $75,000, fueling organized cybercrime.
  • State-sponsored threat activities are concentrated on geopolitical targets, utilizing techniques such as exploiting public-facing applications, spear phishing, and abusing valid accounts, with a focus on cyber warfare and espionage.
  • Most APT attacks exploit older vulnerabilities, including Cisco IOS and Telerik UI flaws, stressing the importance of regular patching and vulnerability management.
  • Effective mitigation strategies include enforcing multi-factor authentication, patching critical vulnerabilities rapidly, monitoring data exfiltration activities, and restricting privileged access.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)