10 common cybersecurity threats & attacks (2023 update)
10.5 trillion dollars. That’s the projected annual cost of global cybercrime by the year 2025. But cybercriminals are constantly sharpening their skills and honing new attacks; so the actual cost could easily be higher.
You need to attack potential digital threats from many angles. Remaining up to date on industry trends and the latest hacker tactics, techniques, and procedures (TTPs) is one of the simplest things you can do to stay protected.
But you need to know just what you’re up against. We have compiled a list of the 10 most common cybersecurity threats you will face in 2023 and what you can do to protect against them.
The impact of cybersecurity attacks in 2022
Navigating the world of common cyber threats is becoming increasingly complex. 71% of organizations were compromised by ransomware in 2022, suggesting a more or less constant stream of attempted attacks. Combined with the increase in remote work, it’s easy to see that there’s no shortage of opportunities for digital threat actors.
Cybersecurity lessons from 2022
In 2022, human error was recognized as one of the biggest threats to cybersecurity. Brad LaPorte, a partner at HighTide Advisors, predicts 99% of data breaches will be caused by a misconfiguration of settings or installation by an end-user — meaning most common cyber threats of the future may be avoidable with proper employee education.
In the MSP world, we also noticed that providers overall are going to need to do more in terms of cybersecurity going forward for themselves and their clients. These steps include things like pursuing a zero-trust network architecture and investing more in community training and threat intelligence research.
2022’s cyber threat landscape is still relevant in 2023. While you must remain flexible and ready to respond to novel threats, MSPs should also establish a structured plan for what to do after an attack. First perform a cybersecurity risk assessment, then develop the right cybersecurity framework for your business.
Cybersecurity threats and attacks in 2023
Protecting our constantly connected devices and monitoring malicious mobile attacks are just the tip of the iceberg. MSPs should be wary of a wide range of hacker TTPs that will continue to be common in 2023. Here are the 10 top cybersecurity threats to watch out for.
1. Vulnerabilities
In 2022, over 25,000 vulnerabilities were assigned a Common Vulnerabilities and Exposures (CVE) number in the National Vulnerability Database. Each of these represents an actively exploited vulnerability that MSPs need to be aware of.
Recent critical vulnerabilities found in Microsoft Exchange servers are among some of the most prominent examples. These vulnerabilities, known as ProxyLogon, were actively exploited by an APT known as HAFNIUM, and several new vulnerabilities have since been discovered in Microsoft Exchange.
Though many MSPs have made the transition to Microsoft 365 for their clients, those still supporting on-premises Exchange need to pay close attention to these vulnerabilities, as a compromised Exchange server can be catastrophic for an organization.
In addition to vulnerabilities in Exchange servers, a new phishing technique has emerged that uses LNK (Windows shortcut) files to sidestep the default blocking of VBA macros in Office documents downloaded from the internet. These files are simple to craft, appear innocuous, allow arbitrary execution, and can bypass many of the defenses found in Office document
While there is no direct mitigation for protecting against malicious LNK files, MSPs can take steps to protect against some delivery vectors and limit options for execution, like email restrictions, blocking disk image files from automatically mounting, and enacting application controls. In addition, user education and network design using the principle of least privilege and zero trust can help reduce the overall attack surface.
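One piece of the detection side that the mitigations above leave to the MSP's tooling is triage of the shortcut files themselves. The following Python is an added example written for this article (not ConnectWise code): it parses the header and string fields of an LNK file per the MS-SHLLINK layout and reports the indicators an analyst would want flagged, with the sample shortcuts constructed in memory rather than taken from a real campaign.

```python
import struct

# Fixed LinkCLSID every shell link carries (MS-SHLLINK), as little-endian bytes.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags bits that govern which optional sections follow the 76-byte header.
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that opens the target minimized
# Substrings in a shortcut's target or arguments that merit analyst review
# (script hosts and LOLBins, hidden windows, encoded commands, remote URLs).
SUSPICIOUS = ("powershell", "pwsh", "cmd.exe", "mshta", "wscript", "cscript",
              "rundll32", "regsvr32", "certutil", "-enc", "-w hidden",
              "bypass", "http://", "https://")

def parse_lnk(data: bytes) -> dict:
    """Parse the header and StringData section of a Windows .lnk file."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: bad HeaderSize")
    if data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    info = {"show_command": struct.unpack_from("<I", data, 60)[0]}
    pos = 76
    if flags & HAS_IDLIST:    # IDListSize (uint16) then the item ID list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:  # LinkInfoSize (uint32) counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    for flag, key in ((HAS_NAME, "name"), (HAS_RELPATH, "relative_path"),
                      (HAS_WORKDIR, "working_dir"), (HAS_ARGS, "arguments"),
                      (HAS_ICON, "icon_location")):
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]  # CountCharacters
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + count * width]
        pos += count * width
        info[key] = raw.decode("utf-16-le" if width == 2 else "latin-1")
    return info

def triage_lnk(data: bytes) -> list:
    """Return the reasons a shortcut deserves a closer look (empty if none)."""
    info = parse_lnk(data)
    text = f"{info.get('relative_path', '')} {info.get('arguments', '')}".lower()
    reasons = [f"target/arguments contain {n!r}" for n in SUSPICIOUS if n in text]
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        reasons.append("window starts minimized (SW_SHOWMINNOACTIVE)")
    return reasons

def build_lnk(target_rel: str, args: str, show_cmd: int = 1) -> bytes:
    """Construct a minimal Unicode .lnk in memory (sample input for this demo only)."""
    flags = HAS_IDLIST | HAS_RELPATH | HAS_ARGS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, show_cmd, 0, 0, 0, 0)
    idlist = struct.pack("<H", 2) + b"\x00\x00"   # empty list: just the terminator
    strings = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                       for s in (target_rel, args))
    return header + idlist + strings
```

Run `triage_lnk(open(path, "rb").read())` over shortcuts pulled from mail attachments or mounted disk images; an empty list means nothing matched the indicators above, not that the file is safe.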
Another major area of vulnerability is IoT devices, which often ship with inherent weaknesses that cybercriminals can exploit to reach the device or its data; we address those specifically later on.
2. Business email compromise
Business emails can be compromised by cyber threats in several ways, including:
- Phishing. Cybercriminals can use phishing emails to trick employees into divulging sensitive information, such as login credentials or financial information. These emails may appear to be from a trusted source, such as a bank or a supplier, and may use social engineering techniques to persuade the recipient to take action.
- Malware. Cybercriminals can use malware, such as viruses or trojans, to infect a user's computer and gain access to their email accounts. Once the malware is installed, it can steal login credentials or capture sensitive information from the user's computer.
- Social engineering. This type of cybersecurity attack tricks employees into divulging sensitive information or granting access to their email account. This can include impersonating an executive or IT administrator or creating a fake login page that appears to be legitimate.
- Weak passwords. If employees use weak, reused, or easily guessable passwords, cybercriminals can use brute-force attacks to guess the password and gain access to the email account.
Once a cybercriminal gains access to a business email account, they can use it to send phishing emails or other types of spam, steal sensitive information, or use the account to launch attacks against other employees or the company's systems. To protect against these threats, businesses should:
- Train employees on how to identify and avoid phishing emails.
- Insist employees use strong passwords and two-factor authentication.
- Keep software and security systems up to date.
- Implement email security measures such as spam filters.
3. Crime-as-a-service
One growing type of cybersecurity threat is crime-as-a-service (CaaS). CaaS describes the provision of cybercriminal tools, services, and expertise through an underground, illicit marketplace. Essentially, CaaS allows criminals to outsource the technical aspects of their operations to other cybercriminals with more expertise.
CaaS allows criminals to access a wide range of nefarious services and tools, such as:
- Malware development
- Exploit kits
- Initial access brokers
- Phishing kits
- Botnet rental
- Hacking tutorials
These services are often provided via a subscription model, where cybercriminals pay on a regular basis for access to certain tools and talent.
The use of CaaS has led to an increase in cyberattacks in recent years, as it lowers the barrier to entry for would-be cybercriminals. With access to sophisticated tools and services, even those with limited technical knowledge can carry out cyberattacks, widening the suspect pool and thereby making it more difficult for law enforcement agencies to track and prosecute cybercriminals.
4. Supply chain attacks
Supply chain attacks are a relatively new cybercrime innovation that continues to grow in scope and frequency. Hackers infiltrate supply chain technology to access the source code, build code, and other infrastructure components of benign software apps, their end goal being to use these legitimate platforms as conduits for distributing malware into supply chain systems.
Examples of high-profile supply chain attacks include:
- The Shylock banking trojan virus
- Attacks by third-party data storers
- “Drive-by” watering hole attacks
Cybersecurity experts believe that supply chain attacks are increasing due to:
- Open-source code
- Compromised pipeline tools
- Poor code uploads
Preventing future supply chain attacks may be one of the biggest challenges your team will face. With the increased reliance on open-source platforms and APIs, hackers will have no shortage of infiltration points to execute their malicious endeavors.
But all hope is not lost. Here are steps you can take to protect clients against supply chain attacks:
- Use endpoint monitoring tools to spot and stop suspicious activity.
- Stay current with all system patches and updates.
- Implement integrity controls to ensure users are only running tools from trusted sources.
- Require admins and other users to use two-factor authentication.
In addition to the steps above, MSPs should have an effective incident response plan. As we mentioned, supply chain attacks are relatively new, so some are bound to infiltrate systems as we learn more and develop better protective techniques.
Check out our ConnectWise incident response webinar to learn more about how our service offerings can prepare your clients if disaster strikes.
5. Cloud-based attacks
Cloud-based attacks encompass a wide range of hacker TTPs. With so many businesses using the cloud — and with cloud networks becoming more intricate — their infrastructure has become low-hanging fruit for digital threat actors.
Cybersecurity professionals focus on something known as the “Egregious Eleven.” These are the 11 most popular infiltration points for cloud-based threats. In order of severity, they are:
- Data breaches
- Misconfiguration of settings and installs
- Poor cloud security setup and planning
- Mismanagement of ID, login credentials, and account access
- Stolen or hijacked accounts
- Insider threats
- APIs and insecure software interfaces
- Weak control plane
- Applistructure and metastructure failures
- Restricted cloud usage visibility
- Abuse of cloud services
Because cloud-based applications shoulder most of the modern corporate workload, focusing on airtight cybersecurity practices is one of the best steps anyone can take to protect themselves and their partners. The following steps are good preventative measures:
- Monitoring access to sensitive resources
- Enforcing strict password requirements
- Implementing a sound data backup plan
- Leveraging data encryption
To add an extra layer of protection, MSPs should also implement routine penetration testing. Thinking like a cybercriminal and pushing your cybersecurity protocols to the breaking point is one of the best ways to strengthen your defenses. Be sure to assess and inventory potential system weaknesses after testing.
6. Data center attacks
Cybercrime data center attacks can take many forms, including:
- DDoS attacks
- Malware attacks
- Insider threats
- Phishing attacks
- Ransomware attacks
Data centers are often high-value targets for cybercriminals, as they store and process large amounts of sensitive information. Therefore, it is crucial for you to implement robust security measures such as access controls, intrusion detection and prevention systems, as well as regular security audits to protect against these attacks.
7. Ransomware
Malware, specifically ransomware, continues to pose a significant cybersecurity threat. This form of cyberattack has been around for decades, and hackers continue to evolve their delivery methods.
To help keep your clients educated in 2023, here is some of the ransomware data that should be on your radar:
- According to our 2023 Cyber Threat Report for MSPs, Lockbit was by far the most prevalent ransomware in use in 2022, but activity decreased in Q4 of that year, potentially suggesting a behavioral change from affiliates.
- The amount of money extorted from ransomware victims in 2022 was actually less than the year before, falling to at least $456.8 million from $756.6 million. This is largely because fewer victims are willing to pay.
- An October 2022 ransomware attack on the CommonSpirit Health hospital system cost the company $150 million in revenue; a class action lawsuit from patients whose information was compromised is on the horizon.
- Global ransomware damages are predicted to exceed $265 billion by 2031.
- There were an estimated 236.1 million ransomware attacks globally in the first six months of 2022.
- Ransomware was the chosen method for 623.3 million attacks worldwide in 2021. That works out to 2,170 attempts per user and 105% growth from the 2020 numbers.
- 230,000 new malware samples are produced daily, and experts predict that number to keep growing.
Modern EDR (endpoint detection and response) software can help prevent ransomware payloads from executing. It can also set security parameters on endpoint web browsing to ensure clients’ employees don’t stray too far from safe browsing locations.
Combined with this is the potential threat of double and triple extortion. With double extortion, malicious actors may threaten victims with having their sensitive data sold or exposed, versus simply requiring a ransom to decrypt it. With triple extortion, payment may be demanded from anyone who is affected by leaked data, not just the originally attacked company.
Additionally, having a solid and robust backup plan is one of the best ways to protect against ransomware. If your system is on the larger side, you can’t possibly prevent 100% of attacks. The key is having procedures in place to restore from backups the data corrupted by the attacks that do get through.
8. IoT device hacking
With many employees working from home and accessing sensitive company platforms and data from multiple scattered endpoints, combined with the progression of cloud technology, hackers have more infiltration opportunities than ever before. At ConnectWise, we refer to this as the “infinite edge,” the new reality that MSPs have to grapple with.
Most businesses are at risk of exposure to external device cybersecurity threats. Although experts in the industry say the number of attacks has decreased, digital threat actors continue to develop more sophisticated infiltration methods.
Cybercriminals often target the following:
- Default passwords. Many smart devices come with default login credentials that are easy to guess, such as "admin/admin" or "admin/password." Cybercriminals can exploit these default passwords to gain access to the device and its data.
- Unsecured Wi-Fi networks. Smart devices often connect to Wi-Fi networks, which can be unsecured or use weak encryption. Cybercriminals can exploit vulnerabilities in these networks to intercept data transmitted over the internet.
Once cybercriminals have gained access to a smart device, they can carry out a range of attacks, such as:
- Stealing data
- Installing malware
- Launching DDoS attacks
- Spying on the device's owner through its camera or microphone
Hackers are getting more creative in the emails, messages, and social media tactics they use to trick mobile users into downloading malicious software and handing over private information. Threat actors will even leverage the App Store to infect users’ mobile devices. This is bad news, as so many devices are connected to the internet.
Fortunately, there are ways to protect your devices:
- Have users select secure, difficult passwords.
- Change default passwords on every device.
- Stay current with OS updates and system patches.
- Make sure clients encrypt their data.
- Have clients install antivirus or anti-malware protection.
- Avoid unsecured Wi-Fi networks.
- Be cautious of suspicious emails or links.
If you use devices on less secure, public networks, don’t do anything work-related or any tasks requiring access to sensitive data. It’s also helpful to monitor or screen employees’ app downloads. Configure parameters that prohibit certain apps from being downloaded to your devices.
9. Insider threats
Once internal system users are compromised, they can become an even greater threat to the system than external attackers. The Ponemon Institute’s 2022 report on the global state of insider threats found that incidents have risen 44% since 2020.
The Ponemon Institute also found the cost of insider threat breaches to be on the rise. Businesses that experience an insider threat can expect it to cost them somewhere in the neighborhood of $15.38 million.
The bulk of those costs come from disruption of business, loss in technology value, and direct and indirect labor. Those three categories alone account for 63% of insider threat costs. The remaining 37% of costs come from workflow changes, cash outlays, overhead, and subsequent revenue losses.
Much like social engineering, insider threats rely on the negligence and actions of a company’s end users.
In addition to conducting cybersecurity awareness training, you should implement tools and procedures to proactively monitor employees’ networks, such as ConnectWise’s SIEM platform. You should also set up parameters and tools to monitor user behavior, as well as establish strict security protocols.
10. State-sponsored cyber warfare
State-sponsored cyber warfare refers to the use of cyberattacks by one nation-state against another for strategic or military purposes. These attacks are often carried out by well-funded and highly skilled teams of hackers or cyber soldiers who are trained and supported by a government.
State-sponsored cyber warfare takes many forms, including:
- Cyber espionage. Cyber espionage involves stealing sensitive information from another country's government, military, or critical infrastructure.
- Sabotage. Sabotage involves disrupting or disabling critical systems such as power grids, financial systems, or transportation systems to cause chaos and damage.
- Propaganda. Propaganda involves using social media or other channels to spread misinformation or disinformation to influence public opinion or sow discord.
- Offensive cyber operations. Offensive cyber operations involve using cyber-attacks to disrupt or destroy another country's military capabilities, such as command and control systems or weapons systems.
This is particularly pertinent due to the use of cyberwarfare in the Russia/Ukraine War, which preceded physical conflict and is still ongoing. Our 2023 MSP threat report has a comprehensive breakdown of the actions that Russian state-sponsored threat actors have already taken, and what they are likely to do moving forward.
State-sponsored cyber warfare can have serious consequences, including economic damage, loss of life, and national security risks. As a result, countries often invest heavily in cyber defense capabilities to protect against such attacks and to develop their own offensive capabilities to deter potential attackers. It is also important for nations to cooperate and coordinate with each other to prevent and mitigate the effects of state-sponsored cyber warfare.
General best practices for MSPs in 2023
Here are a few best practices you can follow internally to minimize the chances of one of these attacks infiltrating your clients’ systems:
- Implement audits. Keep track of any system changes for clients, attacks you’ve dealt with, etc. You’ll be able to avoid any mistakes and continually improve your offerings for clients.
- Use enterprise-class software. ConnectWise can help on this front. We have a full suite of products to help you give your clients the exact service and protection they need.
- Stay proactive. Remain ahead of the curve when it comes to hacker/attack education, client system updates, and anything else that’s within your grasp. Planning ahead and being prepared are two of the most critical steps in protecting clients’ digital assets.
- Keep clients in the loop. Have open lines of communication with your clients. Even in the event of drastic errors, breaking the news right away is always the best course of action. You and your client can work together to get out in front of the issue. By not saying anything, you may turn a minor issue into a much bigger problem.
- Train your staff often. Your team should constantly be renewing their training on cybersecurity trends and news, but also on your internal company policies and procedures. This way, they’re both knowledgeable about their craft and also able to follow company SOPs to provide white-glove customer service.
As always, ConnectWise is here to help with a variety of Cybersecurity Management Solutions for MSPs. Request a demo of our cybersecurity suite or talk to a cybersecurity expert to see how we can help you protect your business and your clients.