Annual review regarding vulnerabilities and attacks for 2023

Date : February 12, 2024

The aim of this review is to highlight the general tendencies and threat evolution to help the community to enhance their protections.

This document is available:

The chapter on major trends for this year focuses firstly on phenomena directly impacting companies:

  • The four most significant attacks of the year: Barracuda ESG (CVE-2023-2868), MOVEit Transfer (CVE-2023-34362), 3CX (CVE-2023-29059) and Citrix NetScaler (July and October).
  • The increase in zero-day attacks,
  • Attacks on edge-devices,
  • New criminal cyberattacks (in addition to ransomware and BEC attacks): MOVEit-style attacks, advanced social engineering and credential hunting (ATO),
  • Other observations, including: pro-Russian DDOS attacks, use of RMM tools, attacks against VMware ESXi and phishings through OneNote and Teams.

We then look at other important trends:

  • Crypto-currencies: a favoured target for many attackers
  • Cyber-warfare: the growing importance of cyber weaponry for states
  • China's continued dominance in the cyber-offensive space
  • Pegasus and Predator: the abuse of surveillance tools continues.

 

Image generated with https://worditout.com/

Previous Previous Next Next Print Print