2023: The top cyber threats facing large enterprises

1. February 2023
| No comments
2023: The top cyber threats facing large enterprises

Share post

Cyber ​​threats: This year, Kaspersky experts predict that cybercriminals will use media to blackmail large companies and government institutions and report on alleged data leaks.

In addition, initial access to companies that have already been compromised is increasingly being acquired on the Darknet. They also anticipate an increase in the malware-as-a-service model and attacks via the cloud. That's a lot of upcoming threats.

More cyber threats as early as 2022

In the past year, around two thirds (59,3 percent) of large companies in Germany were confronted with more cyber attacks. The attacks put data, financial assets and a company's reputation at risk. As part of Kaspersky Security Bulletin, experts from Kaspersky Security Services have examined the threats that will be relevant to large companies and the government sector this year. The experts predict the following threats:

1. Blackmail countdown to data leak

Ransomware actors are increasingly reporting successful hacker attacks on companies in their blogs. In September and November last year alone Kaspersky Digital Footprint Intelligence around 400 or 500 contributions. While cybercriminals used to contact victims directly, instead of privately demanding a ransom, they now post about the security breach on blogs and display a countdown until the leaked data is made public. This trend is expected to continue this year, benefiting cybercriminals whether the affected company pays or not. The data is often auctioned, with the closing bid sometimes even exceeding the ransom demanded.

2. Cyber ​​criminals boast of fake leaks

Blog posts about extortion are attracting media attention, which some lesser-known actors are likely to take advantage of in 2023. They will claim to have allegedly hacked a company, regardless of whether the hack actually happened. It will still damage the company mentioned.

3. Leaks of personal data jeopardize professional mail accounts

The Kaspersky experts continue to assume that there will be more leaks of personal data this year. In addition to the direct impact on the privacy of individuals, this also jeopardizes the cyber security of companies. Because employees often use work email addresses to register with third-party websites. Publicly available email addresses are of interest to cybercriminals; they can use it to spark discussions about potential attacks on the dark web and use them for phishing and social engineering.

4. Malware-as-a-Service, attacks via the cloud and compromised data from the dark web

The experts assume that ransomware attacks using Malware-as-a-Service (MaaS) tools will become more and more similar. Due to increasingly complex attacks, automated systems are no longer sufficient to ensure comprehensive security. In addition, cloud technology will become a popular attack vector, since digitization generally means a larger attack surface.

"The threat landscape is evolving rapidly, and organizations are being forced to adapt quickly," said Anna Pavlovskaya, security services analyst at Kaspersky. “To protect a large enterprise or government agency from today's threats, an organization's digital footprint must be considered. It is important to be prepared to investigate and respond to incidents as it is not always possible to stop attackers before they penetrate an organization's perimeter. At the same time, however, preventing the development of an attack and containing the potential is a perfectly doable challenge.”

Subscribe to our newsletter now

Read the best news from B2B CYBER SECURITY once a month



By clicking on "Register" I agree to the processing and use of my data in accordance with the declaration of consent (please open for details). I can find more information in our Privacy policy. After registering, you will first receive a confirmation email so that no other person can order something you don't want.
Expand for details on your consent
It goes without saying that we handle your personal data responsibly. If we collect personal data from you, we process it in compliance with the applicable data protection regulations. Detailed information can be found in our Privacy policy. You can unsubscribe from the newsletter at any time. You will find a corresponding link in the newsletter. After you have unsubscribed, your data will be deleted as soon as possible. Recovery is not possible. If you would like to receive the newsletter again, simply order it again. Do the same if you want to use a different email address for your newsletter. If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only collected on a voluntary basis. We use newsletter service providers, which are described below, to process the newsletter.

CleverReach

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”). CleverReach is a service that can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter (e.g. email address) will be stored on the CleverReach servers in Germany or Ireland. Our newsletters sent with CleverReach enable us to analyze the behavior of the newsletter recipients. This can include It is analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a previously defined action (e.g. purchase of a product on this website) took place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletter is available at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/. The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If you do not want an analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you have canceled the newsletter. Data stored by us for other purposes remain unaffected. After you have been removed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You may object to the storage if your interests outweigh our legitimate interest. For more information, see the privacy policy of CleverReach at: https://www.cleverreach.com/de/datenschutz/.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

Recommendations for protection against cyber threats

  • The software of all devices should always be up to date to prevent attackers from exploiting security gaps and infiltrating the network. Install available patches immediately.
  • Threat intelligence should be part of the cybersecurity strategy so that the security team is informed about the current tactics and methods used by cybercriminals.
  • Using Digital Footprint Intelligence, security analysts can explore their own corporate assets from the attacker's perspective in order to identify and eliminate potential threats.
  • In the event of a cyber security incident, Incident Response Services help to respond and minimize the consequences. In particular, compromised nodes are identified and the infrastructure protected against similar future attacks.
More at Kaspersky.com

 

About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/

 

Matching articles on the topic

Cybersecurity platform with protection for 5G environments

Cybersecurity specialist Trend Micro unveils its platform-based approach to protecting organizations' ever-expanding attack surface, including securing ➡ Read more

Data manipulation, the underestimated danger

Every year, World Backup Day on March 31st serves as a reminder of the importance of up-to-date and easily accessible backups ➡ Read more

Printers as a security risk

Corporate printer fleets are increasingly becoming a blind spot and pose enormous problems for their efficiency and security. ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

The AI ​​Act and its consequences for data protection

With the AI ​​Act, the first law for AI has been approved and gives manufacturers of AI applications between six months and ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Windows operating systems: Almost two million computers at risk

There are no longer any updates for the Windows 7 and 8 operating systems. This means open security gaps and therefore worthwhile and ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more

PR News
, , , , , ,