Kaspersky experts presented their predictions about the challenges ahead Security operations centersExperts pointed to an increase in the number of digital security incidents that targeted the government and media sectors in the world in 2022, noting that this trend will continue in the current year.
Experts suggested that security operations centers in these and other sectors are facing more Repeated targeted attackssupply chain attacks via telecom service providers.
Another threat awaiting security operations centers is more public application hacking incidents.
Organizations threatened by ransomware attacks may also face the potential for their data to be destroyed.
The organizations’ view of their security operations centers indicates nothing more than a shortage of personnel and an increase in the demand for competencies.
Security operations centers are very important, given that the role of digital security in large companies increases significantly every year. Well-organized teams working in these centers can secure their organizations against malware and rapidly evolving attack methods.
This year’s Kaspersky Security Bulletin includes predictions for SOCs.
Frequent targeted attacks from government-sponsored actors
Experts noted that the average number of incidents in the media sector doubled in 2022, rising to 561 attacks, after reaching 263 in 2021.
The past year has seen a number of high-profile cases, including the interruption of Iranian state television broadcasts by hackers during the protests that rocked the country.
Media outlets have also been subjected to DDoS attacks, including media organizations in the Czech Republic.
The media has become a major target for cybercriminals, among targets that included 13 sectors that were subject to expert analysis, including the food, development and financial sectors, in addition to the government sector, which witnessed an increase in the average number of incidents by 36% in 2022.
Growth is expected to continue in 2023, with targeted attacks by government-sponsored actors more likely to be noticed. While this trend will prevail over government agencies, the media will be increasingly targeted during international conflicts that are traditionally associated with information warfare, due to the vital role the media plays in conflicts.
Large corporations and government entities have long been targets of cybercriminals and government-sponsored vandals, according to Sergey Soldatov, Head of the Security Operations Center at Kaspersky, who notes that political unrest “increased attackers’ motivations and reinvigorated hacking, which digital security professionals did not confront.” According to clear regulatory policies until 2022. He said: “The new wave of attacks has political motives and therefore targets the government and media sectors in particular, and it is necessary to protect institutions to implement comprehensive threat detection and treatment through managed services for detection and response to threats.”
Supply chain attacks via telecom service providers
In 2023, cybercriminals may target supply chains by stepping up their attacks on telecom companies, so the growing threat looms large. In 2021, the telecommunications sector witnessed, for the first time, a prevalence of high-risk incidents throughout the year.
Although the average rate of such incidents in 2022 was lower, reaching about 12% per 10,000 monitored systems, compared to 79% in 2021, these entities remain attractive targets for cybercriminals.
Ransomware Destroyers: Incidents of Public Application Hacking
Throughout 2022, Kaspersky experts noticed a new ransomware trend that is expected to continue in 2023, in which malicious actors not only encrypt corporate data, but also destroy it. It is a trend consistent with politically motivated attacks.
Another threat awaiting security operations centers is more incidents of hacking public applications used by the public, as penetration from the perimeter requires less preparation than phishing when old vulnerabilities are still exposed.
What will the security operations centers face internally?
The value that each team member (even the unskilled) holds in SOCs is increasing. Developing team skills is the proven way to counter the growing amount of threats, which makes trainings around hardware checks and other forms of exercise such as TTX, purple teams, and simulated attack advisory, highly important.
This, and the growing threat landscape leads to increased budgets allocated to security operations centers, and a higher demand for more competencies.
Increasing numbers of incidents and threats translate into a need to predict attacks and methods, which increases the value of threat intelligence and tracking.
The researchers recommend the following measures to protect against threats:
Always keep the software updated on all devices to prevent attackers from infiltrating the network through vulnerabilities, with the need to install patches for new vulnerabilities if available, as once updates are downloaded, malicious actors will not be able to exploit them.
Use the latest threat intelligence to stay on top of the actions, tactics and methods used by malicious actors, as well as choose a reliable endpoint security solution.
