As the year draws to a close, EclecticIQ’s Intelligence & Research Team looked back on the 2023 cyber landscape: the evolving tactics of Chinese state-sponsored cyber operations, the increasing integration of AI tools by threat actors, the implications of hacktivism in global conflicts, and the escalation of ransomware attacks fueled by Cybercrime-as-a-Service.
Below is a brief overview of the report’s key themes. The full report is open access and available for download.
I: Unraveling China's APT Tactics and Edge Device Exploits in Cybersecurity
Chinese state-sponsored cyber operations focused on stealthier tactics, utilizing zero-day exploits and "living-off-the-land" techniques. Actors target cloud environments due to organizations' rapid migration, with a notable case involving forged authentication tokens for accessing user emails. These developments mark a shift in the cybersecurity landscape for the year, with emerging threats and tactics.
II: The Pivotal Role of AI in Reshaping Cyber Threats and Defenses
The year 2023 witnessed substantial growth in AI, highlighted by OpenAI's ChatGPT's rapid user increase and the emergence of multiple generative AI tools. These tools have been incorporated into threat actors’ toolset to generate malicious content, raising significant cybersecurity and misinformation concerns. These developments indicate an evolving landscape where AI not only facilitates content creation, but also intensifies cybersecurity threats and misinformation campaigns on social media by streamlining processes and lowering the barrier to entry. Looking ahead to 2024, the AI landscape is expected to witness an arms race in cybersecurity, driven by both defenders and offenders using AI-powered tools.
III: Hacktivism as a Built-in Feature of Global Conflicts Has Important Implications for Non-Military Targets
Hacktivism is becoming an important and growing risk. Global conflict stimulates cybercriminal groups to collaborate in cyberattacks that support political causes. The primary effects are a fading distinction between military-initiated and civilian-initiated cyberattacks, and disruptions to non-military targets. Cyberattacks and hacktivist patterns observed this year orbit the Russia-Ukraine and Hamas-Israel conflicts. The most common focus of hacktivists remains gathering information and disrupting systems and services, with impact on an expanding range of users and organizations.
IV: Cybercrime-as-a-Service Fueling the Escalation of Ransomware Attacks
In 2023, ransomware attacks reached peak levels due to the proliferation of Cybercrime-as-a-Service (CCaaS). CCaaS enables cybercriminals to outsource various attack elements, making more complex techniques accessible to less tech-savvy individuals. Ransomware actors now prioritize assessing costs over ransom gains, targeting small enterprises, schools, and universities. Some organizations pay ransoms because they neglected backup strategies, and turn to insurance. However, paying the ransom doesn't guarantee data retrieval, highlighting the importance of robust backup and recovery strategies.
About EclecticIQ Intelligence and Research
EclecticIQ is a global provider of threat intelligence, hunting and response technology and services. Headquartered in Amsterdam, the EclecticIQ Intelligence and Research team is made up of experts from Europe and the U.S. with decades of experience in cyber security and intelligence in industry and government.
We would love to hear from you. Please send us your feedback by emailing us at research@eclecticiq.com or fill in the EclecticIQ Audience Interest Survey to drive our research toward your priority area.