Cybersecurity provider, Obrela, has released the Digital Universe Report 2023, offering a look into the global cybersecurity landscape over the past year. The document extensively explores industry-specific and threat-specific cyber attacks, detailing the most common forms and sectors mainly targeted.
The report highlights that in 2023, the prevailing forms of cyber attacks were suspicious internal activity (35%), malware (18%), and cases involving security risks or policy violation. The sectors primarily targeted were banking and finance, services, and education.
The leading trends seen throughout the year encompassed “Suspicious Internal Activity”, “Malware”, and “security risks/violation policies”. An interesting development was the increase in state-sponsored cyber activities in the face of geopolitical tensions. State-sponsored Advanced Persistent Threat (APT) groups were seen increasing their operations, frequently targeting government entities, critical infrastructure, and strategic sectors to national interests.
Moreover, the prominence of supply chain vulnerabilities has become even more evident with cyber attackers seeking to exploit this as a single-entry point for simultaneously compromising varying targets. Obrela points out that cybercriminals are now frequently targeting less-protected third-party partners, looking to abuse the inherent trust within vendor-client connections for gaining infiltrated access.
With the growing migration of organisations to cloud services, cyber attackers have also shifted their focus accordingly. They now exploit misconfigurations, weak credentials, and insufficient access controls within these complex multi-cloud environments, resulting in unauthorised access and data exfiltration. The integration of Artificial Intelligence and Machine Learning in cyber attacks bolsters the effectiveness of techniques such as AI-driven phishing attacks, deepfakes, and automated vulnerability discovery.
The expanding footprint of Internet of Things (IoT) and operational technology (OT) devices in industrial and consumer contexts has added yet another layer of potential attack surfaces. Despite advancements in security technology, human factors persist as a considerable vulnerability. This is demonstrated by the continued evolution of phishing and social engineering attacks that exploit psychological manipulation and impersonation techniques.
Regarding preventative measures, Dr. George Papamargaritis, VP MSS at Obrela, notes the rise in organisations adopting a multi-layered approach to cybersecurity. This includes advanced threat detection and response tools, cybersecurity awareness training, robust data backup and recovery plans, and a zero-trust architecture. Papamargaritis emphasised the vital necessity for collaboration and information sharing between industries and governmental bodies for staying ahead of emerging threats.
Looking at the data gathered throughout 2023, Obrela collected around 14.5 PBs of logs from over 500K monitored devices/endpoints. Out of 1.6M triaged alerts, 31.5K cyberattack incidents were detected and effectively thwarted. “These figures underline what we are up against,” Papamargaritis says. “As we move further into 2024, staying informed of the latest threats and continuously adapting cybersecurity strategies is evermore essential for protecting against this increasingly dynamic and sophisticated attack landscape.”
Obrela’s report provides detailed descriptions of the most common forms of attack, as well as regional and sectoral analyses. Evidence suggests the banking and finance sectors received the highest number of ‘reconnaissance’ attacks, revealing a 37% increase compared to the previous year. The sector also suffered one of the highest levels of malware attacks, which increased by 26% annually. Furthermore, email attacks such as fraud and phishing, predominantly affecting the financial sector, surged by 43% compared to the previous year.
About Author
