The 2023 ReliaQuest Annual Cyber-Threat Report provides an in-depth overview of cybersecurity trends observed over the past year, highlighting attack techniques, threat actor behaviors, and sector vulnerabilities. Key insights include the prominence of exposed remote services, the rise of initial access brokers, and the ongoing impact of vulnerabilities like Spring4Shell and Log4Shell.
Key points
- Cybersecurity reports from major vendors typically consist of sections such as Executive Summary, Threat Landscape Analysis, Incident Data and Trends, Sector Vulnerability Insights, Threat Actor Activities, Vulnerability and Exploit Analysis, Ransomware and Malicious Campaigns, and Recommendations for Defense.
- These reports often include comprehensive statistical data, such as incident counts, most common attack techniques, and sector-specific threat exposure, providing a clear picture of current risks.
- They identify evolving attack techniques, notably the widespread exploitation of exposed remote services (VPNs, RDP), and defense evasion techniques like indicator removal and data destruction, emphasizing the increasing sophistication of threat actors.
- Key trends highlight the persistent threat of initial access brokers (IABs) who sell network access (mainly RDP and VPN), with activity predominantly targeting U.S. companies and manufacturing sectors, and with high median prices for access to financial institutions.
- Vulnerability analysis focuses on high-impact flaws like Spring4Shell and Log4Shell, urging organizations to prioritize patching and vulnerability management, especially for externally exposed systems.
- Ransomware trends reveal LockBit as the most active group, utilizing malware distribution frameworks like SocGholish, underscoring the need for robust endpoint detection and response capabilities.
- Insights into threat actor infrastructure show open domain registration and command-and-control servers, with registrars like NameCheap playing a significant role in hosting malicious infrastructure.
- Overall, the report underscores the importance of proactive monitoring, vulnerability mitigation, and sector-specific defense strategies to combat contemporary cyber threats.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)