Envisions is a leading threat report, produced by the VerSprite team of cybersecurity analysts, that encompasses cyber trends and geopolitical themes to provide the best expert overview of the state of cybersecurity. As our team is working on Envisions 2023, we look back at how the cybersecurity landscape has drastically changed in 2022, what influenced the uptick in cybercrime, and what you need to be aware of to better prepare for the coming year.
Part 1. INSIDER THREAT
By Daniel Stiegman, Threat Intelligence Group Principal Analyst
Looking back on 2022 and reviewing the assessments made in VerSprite’s Envisions 2022 report, VerSprite’s Threat Intelligence Group discusses Insider Threats and their impact over the last year.
An aspect of cyber threats that seems to be underestimated is “Insider Threats.” According to Ponemon Institute’s 2022 Costs of Insider Threats Global Report, “56% of all security incidents” were related to non-malicious/negligent users, and 26% were “incidents relating to criminal insider[s].” The assessment of a divisive nature in the work sector was correct; it traversed from culture to the professional workplace.
A potentially dangerous component of insider threats (in the discussion of malicious users) was nation-state actors’ strategy to recruit insider threats for ransomware attempts. Ransomware groups sought out this new strategy when they realized that trying to conduct reconnaissance, get initial access, and socially engineer a non-malicious user was costly, inefficient, and risked greater exposure.
The ransomware groups attempted the “4th Evolution (or Stage)” of ransomware: identify a weakness, get the “malicious insider” to trigger the ransomware, and reward them with part of the ransom, if conducted. Not many accepted the terms of the bribe/reward. There were more ideological insider threats than coerced ones, due to their behavior in response to a catalyst they deemed worthy of an insider threat action.
Threat Actors attempted to find organizations with the prospect of future layoffs, mergers, or news of contention due to some preconceived “ill”. Some VIPs were targeted, but mostly due to dissatisfaction with the policy to have employees return to “on-site” work in the post-pandemic era.
Another catalyst for insider threats was disagreement with socio-economic decisions seen in headlines or trends. Some examples would be Coca-Cola and MLB in Georgia, or companies moving to Texas or Florida, due to some legislative blowback. Tesla and SpaceX had many insider threats over the course of the last year because of social network discussions and controversial news.
The last year saw an increase in insider threat attack attempts, and 2023 is assessed to have a significant increase. During that time, Flashpoint identified “109,146 total instances of insider recruiting, insider advertising, or general discussions involving insider-related activity.” Additionally, they discovered 11,376 total authors, 22,985 total unique posts, and 3,964 total Telegram channels/forum chats involving Insider Threats. Threat Actor groups like Lapsus$ and LockBit were the most active in the Insider Threat recruiting landscape, mostly focused on financial targets within organizations.
Many large companies are conducting layoffs due to the economic recession; coupled with the increase in leak sites and illicit marketplace forums, a rise in “Insider Threats” can be expected in 2023. With the recession and projected rising costs of products and services in 2023, it is assessed that insider threats will increase above the 7% trend seen since 2018. Security Awareness training and a solid Insider Threat Investigation program would be an organization’s best deterrent to those insider threats.
VerSprite’s Threat Intelligence Group provides organizations with real-time threat monitoring, analysis, prevention recommendations, and mitigation. Our elite team works with companies across all industries and security maturity levels to defend against threats. For more information on VerSprite’s Threat Intel Group or their managed monitoring tool, CTIP, contact one of our security advisers today.