Well-hacked old – Newspaper Kommersant No. 230 (7431) dated 12/10/2022

In 2023, information about already implemented vulnerabilities sold on the dark web will be a significant threat in the field of cybersecurity for large companies. This is due to the low cost of such data and the increase in the number of successful attacks in 2022. Experts consider attacks on cloud services to be another threat, the demand for which has grown sharply this year due to a shortage of computing power.

Next year, attackers will more often turn to darknet resources to buy access to already compromised corporate networks, according to Kaspersky Lab’s forecast of cybersecurity threats for corporations and large companies in 2023. Hackers will become more likely to place ads with the information that they managed to compromise the network of a company, and sell information about how to get into it. The increase in interest in such information will be due to the low cost of this service on shadow resources: in 2022, about 40% of all such ads announced a price of less than $1,000, says Yulia Novikova, head of the analytical department at Kaspersky Threat Intelligence. Ashot Hovhannisyan, the founder of the DLBI data leak intelligence and darknet monitoring service, agrees that the number of such announcements will grow. “The specialization of crackers is growing – some find vulnerabilities, the second create programs for hacking, the third directly attack networks, and the fourth infect them with ransomware viruses or steal information,” he clarifies.

In 2022, about twice as many accesses to compromised corporate networks of companies appeared on sale on shadow resources than in the previous period, confirms Vladimir Timofeev, head of the research and monitoring group of the underground of the Group-IB Threat Intelligence (cyber intelligence) department. Access to RDP (Remote Desktop User Connection Protocol) and VPN accounts have been and will remain the most popular — demand for them will continue next year, he clarifies.

According to Kaspersky Lab’s forecast, actions related to cloud and virtual technologies will be added to the main attack vectors, for example, sending malicious attachments by e-mail. Increasingly, companies are moving to the clouds: they can transfer data archives, use computing power, or resort to clouds when scaling infrastructure, says Yulia Novikova. Business migration to cloud resources has become a trend in 2022 due to a lack of computing power, as well as the exit from the market of a number of Western companies: Amazon Web Services, Google Cloud and Microsoft Azure. Only at the end of February, with the onset of sanctions, the demand for Russian cloud storage increased by 300% (see Kommersant on March 23). “With the departure of vendors, corporate clients faced the same challenges in terms of cybersecurity, both consumers of cloud services from providers and users of a private cloud,” say MTS cloud provider.

At the same time, experts also remind about other vulnerable areas of IT systems. In Informzaschita, for example, they believe that it is worth paying attention to the threats associated with software. A much greater increase in attacks is expected on information systems based on Linux and other open source solutions, says Ivan Melekhin, director of the IZ:SOC cyberattack monitoring and counteraction center at Informzashchita (Kommersant reported on the beginning of this trend on December 5).

Tatyana Isakova