Back
2022 Security Year in Review
What We Can Expect in 2023 Based on the Past Year’s Threat Landscape
As we gear up for the holidays and new year, it is that time of the year again to review this year’s security-related events and examine the themes for future security challenges we can expect in the coming year that may affect your organizations.
For DirectDefense, 2022 presented us with new and unique threats, while also allowing our organization to be very strategic with our solutions and services.
Ransomware Attacks
The tired old theme of ransomware is here to stay unfortunately. We handled several ransomware incident response events this year as a result of ransomware attacks, and yes, all the impacted organizations were still attempting to leverage legacy antivirus solutions or the near-free stuff that comes with your operating system or cloud subscription.
Gartner review hype aside, these solutions are never going to be 100% effective. Most days we are hoping for 95% effectiveness, which inevitably leaves room for attack. Thankfully, our friends at Halycon came out of stealth mode this year to provide the industry with a solution that is geared specifically around the ransomware threat case. DirectDefense is proud to offer the Halcyon Anti-Ransomware and Endpoint Resilience Platform as part of our MDR service, which provides your organization with the capability to have a second chance at stopping ransomware attacks – or at the very least capturing the keys leveraged by the ransomware so you never have to pay to get your data back.
Cloud Infrastructure Attacks
Another growth area for threat actors this year was to attack the default configuration settings in cloud-based services. These attacks were especially problematic for clients that were allowing their developers to run a development cloud environment with little or no production controls oversight. These attacks created some interesting challenges for our incident responders.
Organizations must ensure they have configuration requirements and service hardening procedures in place for all their cloud environments, not just production. These days, the default database service configurations in AWS, such as mongoDB, last about 5-10 minutes on the Internet before they get compromised. You may be asking, why are these services even exposed to the Internet in the first place? Oops! The dev team exposed the service by mistake. Yes, that happens a lot. Obviously, vulnerability scanning your cloud environments can help spot these issues. Similarly, using dedicated cloud compliance audit tools like Rapid7’s InsightCloudSec can give you continuous visibility and provide remediation capabilities to your SOC for faster response to these types of threats.
Blind by Design
Due to the scraping of 700 million email addresses from sites like LinkedIn in 2021, application threat actors had a heyday in 2022 with many successful attacks of applications that are blind at detecting attacks against users of the application or abuse of functions post-authentication.
It is about to be 2023, and yet there are applications out there today (several of them “certified” for their respective industry) that do not have the most basic of security controls or audit logs.
Yes, there are applications that do not have a lockout feature, nor do they create basic audit logs when users or service account settings are modified to aid in the detection of an attack. There is a lot of reliance on web application firewalls.
However, WAFs are only good for blocking coding attacks (OWASP) and limiting how many attacks can be sent to your application. They are extremely limited in spotting attacks that occur within your application.
Thankfully, our Apex Labs Professional Services team can aide your organization in testing your applications for function and logic vulnerabilities, testing the authentication mechanisms your application uses and spotting room for abuse, and they can review the quality of your application’s logs to make sure any human in a SOC can easily spot an ongoing attack within the application.
Strategic Outsourcing or Not
After being in the industry for well over 25 years, several of us here at DirectDefense are lucky enough to have friends and colleagues who are advancing in their careers and seek guidance as they progress. One of the biggest decisions for new CISOs in 2022 (and in the coming years), will be deciding on if they plan to build their SOC capabilities in-house or look outside for a MSSP/MDR provider to assist in augmenting their staffing.
Let’s face it, the uncertainty in the economy will not help staffing levels in the near future. If you are a US-based company, in order to have a properly-staffed SOC with 7×24 capabilities, you must legally have nine employees just to monitor your organization and start a triage response process (and pray no one gets sick, so assume you need 12 just to be safe). Most organizations are lucky to have 5-8 staff members dedicated to security.
With the limited number of staff available to handle monitoring, it just makes financial sense to look for a MSSP/MDR provider to help your organization with its security monitoring requirements and allow your primary staff to focus on implementing and operationalizing strategic initiatives for the organization.
We Are Here to Help
As the threat landscape continues to evolve, so does DirectDefense. By leveraging best-in-breed technology solutions within our Managed Services, Professional Services, and Connected Systems verticals, we are fulfilling our responsibility as a service provider in the security space while others continue to rely on freemium solutions to make higher margins and resist the adoption of new solutions.
With 2023 around the corner, the threats facing legacy systems and sub-par security software are only growing stronger, and every organization is at risk of falling victim to any number of security breaches.
We assist clients from the largest Fortune 100 companies to the smallest of credit unions and in a variety of verticals to achieve both their strategic and tactical security goals, and we have the right tools in our arsenal to help you take on 2023.
If you would like to talk to us about your security testing, security monitoring, or strategic initiatives, we are here to help. Contact us today to discuss how we can help strengthen your security footprint.
12.12.22