2023 Year in Review: Advanced Persistent Threats
The Cisco Talos Intelligence Group continued to be at the forefront of detecting and responding to the most sophisticated and persistent cyber threats, commonly known as Advanced Persistent Threats (APTs).
Dedicated teams of experts are constantly monitoring and tracking the activities of the most prevalent APT actors, providing valuable insights into their tactics, techniques, and procedures (TTPs). Through extensive research and investigations, we have identified the latest APT trends and patterns, which are highlighted in the 2023 Year in Review report.
One of the key findings of the report is the increasing dominance of the ransomware group LockBit. This group accounted for more than a quarter of the total number of victim posts on data leak sites. LockBit has been active since 2019 and has continued to evolve and refine their tactics, making them a formidable threat in the cybersecurity landscape. They have been known to target high-value organizations, including government agencies and large corporations, with their ransomware attacks.
Another concerning trend that emerged in 2023 was the use of defense evasion tactics by APT groups. Nearly a third of the top 20 most common MITRE ATT&CK techniques identified by Talos fell under this category. These tactics allow threat actors to bypass security measures and remain undetected for a longer period, giving them more time to carry out their malicious activities. This highlights the need for organizations to not only focus on prevention but also invest in detection and response capabilities.
Furthermore, the research revealed that exploits in public-facing applications and compromised credentials were the most common initial access vectors observed by Talos Incident Response (IR) teams. This highlights the importance of regularly updating and patching applications and implementing strong password policies to prevent unauthorized access.
Apart from these trends, the 2023 Year in Review also highlighted the growing use of supply chain attacks by APT groups. These attacks involve targeting the software supply chain to distribute malicious code to unsuspecting victims. This method has been used by threat actors to target high-profile organizations and has the potential to cause widespread damage.
In addition, the report delved into the use of social engineering tactics by APT groups to trick users into downloading malware or divulging sensitive information. This highlights the need for organizations to invest in security awareness training for their employees and implement strict policies for handling sensitive information.
As we look ahead to the future, it is clear that APTs will continue to be a major threat to organizations of all sizes and industries. The constantly evolving nature of these threats requires organizations to have a proactive approach to cybersecurity, with a focus on detection and response capabilities.
At Cisco Talos, they remain committed to staying ahead of these threats and helping organizations defend against them. Their team of experts will continue to monitor and track the activities of APT groups, providing valuable insights and threat intelligence to their customers and the broader cybersecurity community. We encourage organizations to read the 2023 Year in Review report and stay informed about the latest APT trends and patterns to better protect themselves in the future.
Cisco Talos 2023 Year in Review